Reputation: 3137
I'm encrypting SSNs in MongoDB. However, I need to use the SSN as a unique identifier to make sure that a person with that SSN does not insert a duplicate. So basically I want to check for duplicate SSNs before saving. However, I'm unsure if I'll be able to do this after encrypting this field with an AES function. If I encrypt and sign 2 strings which are identical with AES, will the output still be identical?
If not, what would be a good alternative? I had thought about hashing the SSN, but an SSN seems to have so little entropy (it's 9 numeric digits, some of which are somewhat predictable). If I salt, I lose the ability to assign a unique index on that field, unless I use a static salt, which doesn't really do much.
Addition
I would be encrypting at the application level using the Node.js crypto core module.
Upvotes: 1
Views: 446
Reputation: 3137
Using the same symmetric AES key to encipher 2 identical strings will produce an identical output. Therefore you can identify whether or not the encrypted field is unique by comparing it to a value enciphered with the same key.
PoC:
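```javascript
var crypto = require('crypto');
// crypto.createCipher derives both the key and the IV from the password with no
// salt, so the same password always yields the same keystream. It is deprecated
// and was removed in Node.js 22; current releases only offer crypto.createCipheriv.
var cipher = crypto.createCipher('aes-256-ctr', "someString");
var cipher2 = crypto.createCipher('aes-256-ctr', "someString");
var crypted = cipher.update("hello world", 'utf8', 'hex');
var crypted2 = cipher2.update("hello world", 'utf8', 'hex');
console.log(crypted === crypted2); // true
```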
Upvotes: 1
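An alternative way to get the uniqueness check asked about above, as an added example that is not part of the original posts: the SSN is stored under randomized AES-256-GCM, and the unique index goes on a separate HMAC-SHA256 "blind index" computed with its own secret key, which avoids reusing one CTR keystream across records. The key handling, the field names (`ssnIndex`, `ssnEnc`) and the sample SSN are assumptions constructed for the illustration.

```javascript
const crypto = require('node:crypto');

// Constructed demo keys; in a real deployment load two independent 32-byte
// keys from a KMS or secret store and keep them out of the database.
const ENC_KEY = crypto.randomBytes(32);   // AES-256-GCM key for the stored value
const INDEX_KEY = crypto.randomBytes(32); // HMAC key for the lookup index

// Strip formatting so "123-45-6789" and "123456789" map to the same index.
function normalizeSsn(ssn) {
  const digits = String(ssn).replace(/\D/g, '');
  if (digits.length !== 9) throw new Error('SSN must contain exactly 9 digits');
  return digits;
}

// Deterministic keyed hash: equal SSNs give equal values, so a unique index
// works, but without INDEX_KEY the 10^9 candidates cannot be tested offline.
function blindIndex(ssn) {
  return crypto.createHmac('sha256', INDEX_KEY).update(normalizeSsn(ssn)).digest('hex');
}

// Randomized authenticated encryption: a fresh 96-bit IV for every record.
function encryptSsn(ssn) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', ENC_KEY, iv);
  const ct = Buffer.concat([cipher.update(normalizeSsn(ssn), 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Layout of the stored blob: 12-byte IV | 16-byte auth tag | ciphertext.
function decryptSsn(blob) {
  const raw = Buffer.from(blob, 'base64');
  const decipher = crypto.createDecipheriv('aes-256-gcm', ENC_KEY, raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
}

// Document shape to store; the unique index belongs on ssnIndex, not ssnEnc.
function toRecord(ssn) {
  return { ssnIndex: blindIndex(ssn), ssnEnc: encryptSsn(ssn) };
}

const a = toRecord('123-45-6789'); // constructed sample value
const b = toRecord('123456789');   // same SSN, different formatting
console.log('index equal:', a.ssnIndex === b.ssnIndex);
console.log('ciphertext equal:', a.ssnEnc === b.ssnEnc);
console.log('round trip:', decryptSsn(a.ssnEnc));
```

Rotating `INDEX_KEY` requires recomputing `ssnIndex` for every record, since the old and new index values are unrelated.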