From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from nm11-vm3.bullet.mail.ir2.yahoo.com (nm11-vm3.bullet.mail.ir2.yahoo.com [212.82.96.164]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mail.server123.net (Postfix) with ESMTPS; Tue, 16 Dec 2014 23:26:12 +0100 (CET)
Message-ID: <5490B183.80900@yahoo.com>
Date: Tue, 16 Dec 2014 23:26:11 +0100
From: Quentin Lefebvre
MIME-Version: 1.0
References: <549023F9.5000708@TechServSys.com> <20141216155850.GA736@tansi.org>
In-Reply-To: <20141216155850.GA736@tansi.org>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: quoted-printable
Subject: Re: [dm-crypt] Impossible task ?
To: dm-crypt@saout.de

There are some "order preserving encryption" (OPE) schemes, but they are
less secure.
And indeed, it's not cryptsetup-related. I guess you should find
something about that on the Internet.

Best regards,
Quentin

On 16/12/2014 16:58, Arno Wagner wrote:
> Hi,
>
> not really a topic for this list, but I will answer anyways.
>
> No, you cannot do this. Proof idea: If you can do lookup,
> you can break the encryption by checking whether a person is
> in there via the lookup functionality.
>
> Sure, if you only allow proper partial names, the attacker
> does not get the last character of the name, but that does
> not help much. There are not enough names in the world to
> make this attack too costly, and the attacker can do it
> character-by-character by using longer and longer partial
> names.
>
> The thing is that the possibility of lookup directly
> implies the data is _not_ protected against reading it.
>
> Regards,
> Arno
>
>
> On Tue, Dec 16, 2014 at 13:22:17 CET, bill wrote:
>> I have conflicting needs and fear that they may be unresolvable.
>> 1. I need to store patient names (3 fields: last, first, middle
>> initial) with the first and last names encrypted.
>> 2. I need to be able to do partial name lookups if the user enters a
>> partial first or last name.
>>
>> I presume that after encryption the names are no longer in
>> alphabetical order, so looking up using an encrypted partial name
>> will not result in a set of names beginning with that partial name.
>>
>> Is there an approach to this, or need I go back to my boss and
>> suggest "plan B."
>>
>> --
>> Bill Drescher
>> william {at} TechServSys {dot} com
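
The proof idea in the quoted reply, as an added example that is not part of the original thread: a store that keeps names unreadable at rest but still answers partial-name lookups gives all of them back through the lookup answers alone. `PrefixLookup`, `recover_names`, `query_bound` and the sample names are hypothetical, and the lookup is assumed to report how many records match a prefix.

```python
import string

ALPHABET = string.ascii_lowercase  # assumption: names are lowercase ASCII letters


class PrefixLookup:
    """Hypothetical store: names are unreadable at rest, but the partial-name
    lookup from requirement 2 reports how many records match a prefix."""

    def __init__(self, names):
        self._names = [n.lower() for n in names]  # never handed to the caller
        self.queries = 0

    def count(self, prefix):
        self.queries += 1
        return sum(n.startswith(prefix) for n in self._names)


def recover_names(store):
    """Rebuild every stored name from lookup answers alone."""
    recovered = []
    stack = [("", None)]  # (prefix, records matching it); root count is unknown
    while stack:
        prefix, total = stack.pop()
        longer = 0
        for ch in ALPHABET:
            hits = store.count(prefix + ch)
            if hits:
                longer += hits
                stack.append((prefix + ch, hits))
        if total is not None:
            # Records matching the prefix but no longer prefix end exactly here.
            recovered.extend([prefix] * (total - longer))
    return sorted(recovered)


def query_bound(names):
    """Worst case: one alphabet sweep per character stored, plus the root."""
    return len(ALPHABET) * (1 + sum(len(n) for n in names))


# Constructed sample data, not taken from the thread.
SAMPLE = ["anna", "ann", "anders", "bauer", "bauer"]

if __name__ == "__main__":
    store = PrefixLookup(SAMPLE)
    print(recover_names(store), store.queries, "queries")
```

The query count grows with the number of characters stored, not with the strength of whatever cipher protects the names at rest, so rate limiting and access control on the lookup itself are what bound the leakage.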