dwyl/phoenix-ecto-encryption-example

How to have a Unique Encryption Key Per Row?

nelsonic opened this issue · 1 comment

I've been thinking of how to make "cracking" the data stored in the database as difficult as possible.
If the key used to encrypt the row of data is different each time,
then "brute-forcing" the decryption will have to be done per row, which is still possible ...
but it's like each "needle" having its own haystack rather than throwing a bunch of needles in the same haystack.

Each table that stores encrypted data should have

  • key_id: the id of the key used to encrypt the data.

The IV should do the job of having a "unique key per row" ...
https://en.wikipedia.org/wiki/Initialization_vector

The only "downside" of including the iv in the record the way we are doing is that if the DB is compromised for any reason, the iv is available to the "cracker" ...
I don't know how to get around this ... 😕
could we have a separate DB for the iv? that seems like it would make the app more complex ...

Closing this as already using iv in example/app. 👍
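For anyone landing on this thread later: the IV being readable by whoever dumps the database is not a weakness. An IV (the GCM nonce) only has to be unique per encryption under a given key; it is designed to be stored in the clear next to the ciphertext, and a separate DB for it would add complexity without adding security. What actually gives each row its "own haystack" is a per-row key derived from the master key and the row's id, so that recovering one row's key says nothing about any other row. The example below is added here as an illustration and is not code from the phoenix-ecto-encryption-example project (which is Elixir); it is written in Go so it runs with the standard library alone. It assumes a keyring of 32-byte master keys indexed by `key_id` (constructed, deterministic demo keys), a stable never-reused row id such as the primary key, and a single-block HKDF-SHA256 derivation for the per-row key; the struct and function names are the example's own. It also binds `key_id` and the row id into GCM's associated data, so a ciphertext copied from one row to another, or re-labelled with a different `key_id`, fails to decrypt.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// EncryptedField is what one encrypted column of one row would store.
// Nothing in it is secret: key_id and iv sit in the clear next to the ciphertext.
type EncryptedField struct {
	KeyID      uint32 // which master key in the keyring was used (allows rotation)
	IV         []byte // 12-byte AES-GCM nonce, fresh random value per row
	Ciphertext []byte // AES-GCM output, includes the 16-byte authentication tag
}

// Keyring maps key_id -> 32-byte master key. In a real app these come from an
// environment variable or secrets manager, never from the database itself.
type Keyring map[uint32][]byte

// hkdfSHA256 derives one 32-byte key (single-block HKDF per RFC 5869:
// PRK = HMAC(salt, ikm); OKM = HMAC(PRK, info || 0x01)).
func hkdfSHA256(master, salt, info []byte) []byte {
	ext := hmac.New(sha256.New, salt)
	ext.Write(master)
	prk := ext.Sum(nil)
	exp := hmac.New(sha256.New, prk)
	exp.Write(info)
	exp.Write([]byte{0x01})
	return exp.Sum(nil)
}

// rowKey gives every row its own AES key, derived from the master key and the
// row id (assumed here to be a stable, never-reused identifier such as the PK).
// The master key itself is never used directly to encrypt a row.
func rowKey(master []byte, rowID uint64) []byte {
	info := make([]byte, 8)
	binary.BigEndian.PutUint64(info, rowID)
	return hkdfSHA256(master, []byte("row-key-v1"), info)
}

// aad binds the ciphertext to its key_id and row: a ciphertext moved to another
// row or re-tagged with another key_id will fail GCM authentication.
func aad(keyID uint32, rowID uint64) []byte {
	b := make([]byte, 12)
	binary.BigEndian.PutUint32(b[:4], keyID)
	binary.BigEndian.PutUint64(b[4:], rowID)
	return b
}

func newGCM(kr Keyring, keyID uint32, rowID uint64) (cipher.AEAD, error) {
	master, ok := kr[keyID]
	if !ok {
		return nil, fmt.Errorf("unknown key_id %d", keyID)
	}
	block, err := aes.NewCipher(rowKey(master, rowID))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptField encrypts one value for one row under the given key_id.
func EncryptField(kr Keyring, keyID uint32, rowID uint64, plaintext []byte) (EncryptedField, error) {
	gcm, err := newGCM(kr, keyID, rowID)
	if err != nil {
		return EncryptedField{}, err
	}
	iv := make([]byte, gcm.NonceSize()) // random per row; uniqueness, not secrecy, is the requirement
	if _, err := rand.Read(iv); err != nil {
		return EncryptedField{}, err
	}
	ct := gcm.Seal(nil, iv, plaintext, aad(keyID, rowID))
	return EncryptedField{KeyID: keyID, IV: iv, Ciphertext: ct}, nil
}

// DecryptField looks up the key by the record's own key_id and re-derives the row key.
func DecryptField(kr Keyring, rowID uint64, f EncryptedField) ([]byte, error) {
	gcm, err := newGCM(kr, f.KeyID, rowID)
	if err != nil {
		return nil, err
	}
	if len(f.IV) != gcm.NonceSize() {
		return nil, errors.New("bad iv length")
	}
	return gcm.Open(nil, f.IV, f.Ciphertext, aad(f.KeyID, rowID))
}

// DemoKeyring is a constructed, deterministic keyring for this example only.
func DemoKeyring() Keyring {
	return Keyring{1: bytes.Repeat([]byte{0x11}, 32), 2: bytes.Repeat([]byte{0x22}, 32)}
}

func main() {
	kr := DemoKeyring()
	a, _ := EncryptField(kr, 1, 101, []byte("alice@example.com"))
	b, _ := EncryptField(kr, 1, 102, []byte("alice@example.com")) // same value, other row
	fmt.Printf("row 101: key_id=%d iv=%x ct=%x\n", a.KeyID, a.IV, a.Ciphertext)
	fmt.Printf("row 102: key_id=%d iv=%x ct=%x\n", b.KeyID, b.IV, b.Ciphertext)
	pt, err := DecryptField(kr, 101, a)
	fmt.Printf("row 101 decrypts to %q (err=%v)\n", pt, err)
	_, err = DecryptField(kr, 102, a) // row 101's ciphertext presented as row 102
	fmt.Println("ciphertext moved to another row:", err)
}
```

Rotating to a new master key means adding it to the keyring under a new `key_id` and re-encrypting rows in the background; old rows keep decrypting because each record carries the `key_id` it was written with.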