1

I am new to cryptography and have a question about a use of Vigenere cipher in the case of small strings. I'd like to encrypt keywords that are smaller than 10 characters.

If I use Vigenere separately for each keyword I can have a key longer than 10 characters, and making each string impossible to break (if I use a different key each time).

But I would also like to be able to sort the encrypted keywords to avoid processing them in the clear (sorting is necessary which made me think about a polyalphabetic cipher. I have hundreds of keywords).

For this, I would need all the keywords to be encrypted with the same key. And now I have an issue with the length of the key. Because I will never use more than 10 characters of my key. And somebody could concatenate all the keywords.

I have read that encrypting a vigenere several times doesn't provide more security. That the only way to make vigenere more secure is to extend the key. In this case extending the key is of no use, as I have small strings (so only the first chars of the key will be used).

Do you see any technique that could be used to improve the security, while still providing sorting capabilities?

Artjom B.
  • 2,045
  • 1
  • 22
  • 52
Jeff
  • 11
  • 2
  • Related: How does order-preserving encryption work? – CodesInChaos Dec 06 '15 at 21:36
  • Thanks. I had had a look at it but could not find any java library implementing it. Am I wrong? – Jeff Dec 06 '15 at 21:47
  • Another question coming to my mind: these data are being accessed with an Ajax component (name is searched, and the data elements are retrieved as the user is typing the name). Would a OPS solution cope with this requirement? Thanks – Jeff Dec 07 '15 at 15:07
  • How about plaintext? Seriously, if your crypto is that weak, you might as well not use any. – CodesInChaos Dec 07 '15 at 15:11
  • Well you may understand that not all systems are built from scratch and that there are dependencies between applications and data. This is particularly true with legacy systems. It seems to me that the most secure option is OPS, but if it fails supporting Ajax searches, then this is not an option anymore because the key corporate application will not work anymore. This is off course a tradeoff between security and usability. I am just here to understand. I am also wondering if there are OPS packages on the market, which I cannot find. – Jeff Dec 07 '15 at 17:06
  • What is OPS? Do you mean OPE? – pg1989 Dec 08 '15 at 02:19
  • Sorry, yes OPE. With a legacy system, the choice is very limited. Either we can provide a transparent solution and we change the application as less as possible, or we don't encrypt and provide other layers of security instead. I could not find any OPE package on the net. There are few FPE solutions. Do you know any good package that could be acquired ? – Jeff Dec 08 '15 at 07:34

0 Answers0