Open
Description
Currently attribute is encrypted when its value is not null. If attribute has blind index, it is set if attribute value is not null or empty string.
So in case when attribute has empty string value, it will be encrypted but corresponding blind index will be set to empty string. If database is stolen, having blind index set to empty string may hint attacker that encrypted value is also an empty string.
Maybe it would make sense to make set blind index even for empty string?
I think having multiple occurrences of the same hash could be better than hinting attacker that value could be blank.
Metadata
Metadata
Assignees
Labels
No labels