Talk:Cryptography/Database protection

"2. Use the value of step 1 as the cipher key to encrypt the data fields." I find this sentence quite confusing because it could be understood as "Use the hash to encrypt the data fields" which certainly isn't the intention. As far as I understand it, this should be: "2. Use the index (not the hash) of step 1 as the cipher key to encrypt the data fields." --MaxBruckner (discuss • contribs) 09:24, 13 July 2015 (UTC)

I agree that sentence is confusing, so I changed it as you suggested. Alas, many of the database tables I deal with use a simple incrementing number (or some other easily-guessable item) as the "primary key" index. So even if we use the index (rather than the hash of the index) as the encryption key, it's pretty easy to guess most or all of the index values, which with this scheme leads to decrypting most or all of the entire database. Perhaps there is a better scheme? --DavidCary (discuss • contribs) 23:18, 9 September 2022 (UTC)