lucene-java-user mailing list archives

From Michael Wilkowski ...@silenteight.com>
Subject Re: Encryption At Rest - Using CustomAnalyzer
Date Tue, 06 Feb 2018 07:32:34 GMT
Hi,
sorry to say that, but your encryption is not secure at all. Actually it is
very weak. Since you encrypt tokens only (and apply padding) then it is
very easy based on the examples above to actually reverse engineer your
text. If somebody understands the domain, has text distribution and may
build so-called word2vec then he/she may easily use it to build a reverse
dictionary of your tokens.

On the other hand: this means that actually it should not be so difficult
to build wildcard queries (at least with asterisk at the end, not at the
beginning of the word). Check how fuzzy query works right now - it is query
easy to understand and straightforward when looking in source code. I built
my own version of FuzzyQuery some time ago based on MultiTermQuery class.

MW

*Michael Wilkowski*
Chief Technology Officer, Silent Eight Pte Ltd

+48 600 995 603 | mw@silenteight.com

www.silenteight.com

On Tue, Feb 6, 2018 at 3:42 AM, aravinth thangasami <
aravinththangasami@gmail.com> wrote:

> Kindly post your suggestions.
>
>
>
> On Mon, Dec 4, 2017 at 11:27 PM, aravinth thangasami <
> aravinththangasami@gmail.com> wrote:
>
> > Hi all,
> >
> > To support Encryption at Rest, We have written a custom analyzer, that
> > encrypts every token in the Input string and proceeds to the default
> > indexing chain
> >
> > We are using AES/CTR/NoPadding with unique Key Per User.
> > This helps that the input string with common prefix, the encrypted strings
> > will also get common prefix
> > So that we can perform Prefix Query also.
> >
> > For example,
> >
> > run      x5X7
> > runs     x5X7tg==
> > running  x5X7q/nE5g==
> >
> >
> > During searching, we will preprocess the query for encrypted Field before
> > searching
> > we can't do  WildCard & Fuzzy Query
> >
> >
> > Did anyone try this approach?
> > Please post your suggestions and your tried approaches
> >
> >
> > Thanks
> > Aravinth
> >
> >
> >
> >
>
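
The weakness raised in the reply can be checked against the three sample values in the quoted message: ciphertexts that share a prefix under AES/CTR mean every token is XORed with the same keystream. The script below is an added example, not code from the thread; only the three token/ciphertext pairs come from the post, and the function names are illustrative.

```python
import base64

# Token -> ciphertext pairs exactly as posted in the quoted message.
SAMPLES = {"run": "x5X7", "runs": "x5X7tg==", "running": "x5X7q/nE5g=="}


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream_from(plain: str, b64: str) -> bytes:
    """CTR computes ciphertext = plaintext XOR keystream, so one known
    token/ciphertext pair reveals the keystream bytes it covers."""
    ct = base64.b64decode(b64)
    if len(ct) != len(plain):
        raise ValueError("pair lengths differ; not a raw stream-cipher output")
    return xor(ct, plain.encode("ascii"))


def recover(keystream: bytes, b64: str) -> str:
    """Recover a token using only a keystream learned from another token."""
    ct = base64.b64decode(b64)
    if len(ct) > len(keystream):
        raise ValueError("token is longer than the known keystream")
    return xor(ct, keystream).decode("ascii")


def keystream_is_reused(samples: dict) -> bool:
    """True when every pair yields a prefix of the same keystream, i.e. the
    key and counter start are identical for every token."""
    streams = [keystream_from(p, c) for p, c in samples.items()]
    longest = max(streams, key=len)
    return all(longest.startswith(s) for s in streams)


if __name__ == "__main__":
    # The keystream is derived from the single pair "running" only.
    ks = keystream_from("running", SAMPLES["running"])
    print("same keystream for every token:", keystream_is_reused(SAMPLES))
    for token, ct in SAMPLES.items():
        print(f"{ct:14} -> {recover(ks, ct)!r} (posted as {token!r})")
```

The same property that makes prefix queries work on the encrypted field is what this check detects, so the two cannot be separated in this design.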
