Laravel - LIKE operator to search for encrypted values

Submitted by ぃ、小莉子 on 2021-01-27 21:36:33

Question


I am trying to implement a search module in my Laravel app that could filter users by name. In order to protect users, the 'name' column rows are encrypted in the DB. The problem that I am facing is that the query below always returns 0 results.

I am encrypting the search input value before searching into DB.

$patients = DB::select( DB::raw("SELECT * FROM patient WHERE name LIKE '%".Crypt::encrypt($searchText)."%';"));

What am I doing wrong here?


Answer 1:


Crypt::encrypt("Text") 

The above will rarely generate the same value each time you call it, therefore you will not have the same value stored in your DB.

Suggestion

Don't encrypt users names unless you really have to. If you do have to encrypt the names then try the following.

// Same lookup, but with a bound parameter instead of string concatenation
$patients = DB::select("SELECT * FROM patient WHERE name = ?", [Crypt::encrypt($searchText)]);

Your encrypted value will be case sensitive, so change the column collation to latin1_general_cs.




Answer 2:


What am I doing wrong here?

Laravel's encryption is properly implemented, which means that each message is randomized!

Randomization introduces a challenge for implementing searchable encryption: You never get the same ciphertext twice. Fortunately, there's a workaround for making encryption searchable.

  1. Encrypt each record using authenticated encryption.
  2. Separately, store HMAC-SHA2/BLAKE2 of the plaintext (with a separate key from the encryption key). You may truncate the hash function output. This is called a blind index.
    • Additionally, you may store multiple hash functions of various slices or transformations of the plaintext. (e.g. last 4 digits, first initial + last name, etc.)
    • Each blind index should have a distinct key.
    • You can combine multiple fields into a single blind index.
    • For low-entropy inputs (e.g. boolean fields), never use them in isolation.
    • You may also use a slow KDF function (PBKDF2, Argon2id) for highly sensitive fields, although this is not strictly necessary.
  3. Recalculate the blind indexes when doing SELECT queries, rather than trying to select based on the ciphertext itself.

This may sound like a lot, but in practice, CipherSweet implements all the low-level machinery and should be easy enough for most PHP developers to use. (If this turns out to not be the case, file a bug on Github; we want it to be the case!)
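The three steps above, worked through end to end as an added example (this is not code from the original answers, from Laravel, or from CipherSweet). It uses plain PHP so that it runs from the CLI: AES-256-GCM via openssl for step 1, a truncated HMAC-SHA256 under a second key for step 2, and a prepared statement on the index column for step 3. Everything here is assumed for the demo: the two keys are generated on the spot rather than loaded from secrets, the table is an in-memory SQLite database, the index is truncated to 16 bytes, and the helper names (encryptField, blindIndex, findByName) are the example's own. In a Laravel app the equivalents would be Crypt::encryptString()/decryptString() and DB::table('patient')->where('name_bidx', ...).

```php
<?php
// Added example: blind index for an encrypted "name" column (not from the original post).
declare(strict_types=1);

// Two independent keys: one for encryption, one for the blind index. Generated
// here only so the demo runs; in practice load them from your secret store.
$encKey  = random_bytes(32);   // AES-256-GCM key for the ciphertext column
$bidxKey = random_bytes(32);   // HMAC key for the blind index (never reuse $encKey)

// Step 1: authenticated encryption with a fresh nonce per call. The output is
// randomized, which is exactly why LIKE or = on the ciphertext never matches.
function encryptField(string $plaintext, string $key): string {
    $nonce = random_bytes(12);
    $tag = '';
    $ct = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($ct === false) { throw new RuntimeException('encryption failed'); }
    return base64_encode($nonce . $tag . $ct);   // nonce(12) | tag(16) | ciphertext
}

function decryptField(string $blob, string $key): string {
    $raw   = base64_decode($blob, true);
    $nonce = substr($raw, 0, 12);
    $tag   = substr($raw, 12, 16);
    $ct    = substr($raw, 28);
    $pt = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($pt === false) { throw new RuntimeException('decryption failed (wrong key or tampered row)'); }
    return $pt;
}

// Step 2: blind index = truncated HMAC of the *normalized* plaintext under the
// separate index key. Trimming and case-folding before hashing is what makes
// the lookup case-insensitive; no collation change is needed.
function blindIndex(string $plaintext, string $key, int $bytes = 16): string {
    $norm = mb_strtolower(trim($plaintext));
    return bin2hex(substr(hash_hmac('sha256', $norm, $key, true), 0, $bytes));
}

// Constructed sample table: ciphertext and index stored side by side.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE patient (id INTEGER PRIMARY KEY, name TEXT NOT NULL, name_bidx TEXT NOT NULL)');
$pdo->exec('CREATE INDEX patient_name_bidx ON patient (name_bidx)');

$insert = $pdo->prepare('INSERT INTO patient (name, name_bidx) VALUES (?, ?)');
foreach (['Alice Smith', 'Bob Jones', 'alice smith'] as $name) {   // constructed rows
    $insert->execute([encryptField($name, $encKey), blindIndex($name, $bidxKey)]);
}

// Step 3: recompute the index for the search term and query on *that* column,
// with a bound parameter rather than string concatenation.
function findByName(PDO $pdo, string $searchText, string $encKey, string $bidxKey): array {
    $stmt = $pdo->prepare('SELECT id, name FROM patient WHERE name_bidx = ?');
    $stmt->execute([blindIndex($searchText, $bidxKey)]);
    $out = [];
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
        $out[] = ['id' => (int) $row['id'], 'name' => decryptField($row['name'], $encKey)];
    }
    return $out;
}

// Matches both "Alice Smith" rows despite the different casing and padding.
print_r(findByName($pdo, '  ALICE smith ', $encKey, $bidxKey));
```

Note what this does and does not give you: the blind index supports exact (normalized) equality only, so the original `LIKE '%...%'` substring search has no direct equivalent. Per the answer's second bullet, you would add further indexes for the specific partial forms you need (first initial plus last name, last-name-only, and so on), each under its own key, and keep the truncation short enough that the index does not leak more than the search needs.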



Source: https://stackoverflow.com/questions/30575601/laravel-like-operator-to-search-for-encrypted-values
