encrypted string always the same

Neil Williams linux at codehelp.co.uk
Wed Aug 25 14:56:32 CEST 2004


On Wednesday 25 August 2004 1:30, Marius Andreiana wrote:
> I saw every time a text is encrypted with the same public key, the result
> is different.

Try encrypting using a symmetric cipher.
From man gpg:
     -c, --symmetric
                 Encrypt with a symmetric cipher using a passphrase. The
                 default symmetric cipher used is CAST5, but may be chosen
                 with the --cipher-algo option.

> I'm trying to store gpg-encrypted values in a database, but would like
> to be able to tell if a user-entered value matches the encrypted one in
> database (by crypting it with the same public key).

Wouldn't 'crypt' do the same thing? SQL already handles this using the 
password() function. It's a one-way encryption that just compares the 
encrypted hash, as stored in a suitable varchar field.

select credit_card from subscribers where password = password(user_value);
:-)

> I realize this makes it vulnerable to brute-force attack (I encrypt
> short 4-digit strings and other short stuff).

In the same way as 'crypt' isn't invulnerable.

You obviously have to guard against someone obtaining the cipher text itself - 
which would normally be public with gpg defaults - as this could be used to 
sidestep your security.

select credit_card from subscribers where password = user_value limit 1;

-- 

Neil Williams
=============
http://www.codehelp.co.uk/
http://www.dclug.org.uk/
http://www.isbn.org.uk/
http://sourceforge.net/projects/isbnsearch/

http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3
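
An added example, not part of the original message: the equality check discussed in this thread, done with a deterministic keyed digest (HMAC-SHA256) instead of public-key encryption, next to an unkeyed digest to show how small the 4-digit search space is. The table layout, column names, sample rows and the choice of HMAC-SHA256 and SQLite are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
import sqlite3

# Assumption: this key is held by the application, outside the database.
INDEX_KEY = secrets.token_bytes(32)


def keyed_digest(value: str, key: bytes = INDEX_KEY) -> str:
    """Deterministic HMAC-SHA256: same key and value give the same digest."""
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()


def unkeyed_digest(value: str) -> str:
    """Plain SHA-256, the shape of a bare one-way hash comparison."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()


def make_db(rows):
    """Store only the keyed digest of each value (constructed sample table)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE subscribers (name TEXT, pin_digest TEXT)")
    db.executemany(
        "INSERT INTO subscribers VALUES (?, ?)",
        [(name, keyed_digest(pin)) for name, pin in rows],
    )
    return db


def find_subscriber(db, user_value: str):
    """Recompute the digest of the entered value and match on equality."""
    row = db.execute(
        "SELECT name FROM subscribers WHERE pin_digest = ?",
        (keyed_digest(user_value),),
    ).fetchone()
    return row[0] if row else None


def search_unkeyed(stored: str, digits: int = 4):
    """Walk the whole 10**digits space against a leaked digest column value."""
    for n in range(10 ** digits):
        guess = f"{n:0{digits}d}"
        if hmac.compare_digest(unkeyed_digest(guess), stored):
            return guess
    return None


if __name__ == "__main__":
    db = make_db([("alice", "4821"), ("bob", "0007")])  # constructed rows
    print(find_subscriber(db, "4821"), search_unkeyed(unkeyed_digest("0007")))
```

The keyed digest resists offline guessing only while the key stays out of the database; anyone holding both the key and the column still faces just 10,000 candidates.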


More information about the Gnupg-users mailing list