https://stackoverflow.com/questions/16108792
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianWith a unique IV, you'd have to decrypt every record in order to match on encrypted contents, since as you know you get a different value every time you encrypt the same one.
Assuming this is not acceptable (it would be fine on a tiny table, but not on anything with a decent number of records), one alternative would be to hash the value and store a hash in the database, in a separate column. You'd search by the hash, and you'd decrypt only the matching record(s) just to confirm it's truly a match.
The problem with hashing something that you're encrypting as well is that most things worth encrypting (credit cards, account numbers, etc.) have only a fixed number of possible inputs. Even with a unique salt attached to the hash, hashing is bad on credit cards for example, because there are only X billion or trillion or whatever possible card numbers, so if you have a salt, a hash, and a decent processor, you can reverse engineer the card number in a reasonably short time.
If you're working with something with a large number of possible inputs though, this solution might work.
Another alternative is that if there's a piece of the encrypted data which is reasonably unique-ish, but not necessarily secret (last-4 for a credit card number for example), you can store that part in plaintext, and use it to filter down your large dataset into a very small resultset, and then decrypt each record in that resultset to compare it against your search criteria.
