Hi all

Due to certain compliance requirements, we have to encrypt the user DOB field in the database. We also have another requirement to be able to search a user by his age. Our DB doesn't support transparent encryption so encryption will be handled by the application.

Any good ideas on how to allow for searching by age? One thought is to save the YOB in a separate column in cleartext and still be able to comply with our compliance requirement.

Aside from that, any other design strategy that would help?

Thanks in advance!

+1  A: 

You can pre-calculate the hashes of all possible DOB for your application, store those at the same time as the encrypted DOB and search for DOB by using these hashes.

Not sure what that would do to your compliance.

Oded
So how would this work? I can see how that would help with finding all users of a particular age, e.g. 55, but not help at all with finding all users between the ages of 55 and 65 years.
Mailforbiz
At least not easily. We can of course do a brute force search for specific ages and add them together.
Mailforbiz
@Mailforbiz - That's the problem with encrypting/hashing this kind of data. You lose the ability to query it easily.
Oded
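The hash-lookup idea from the answer above, with the per-age enumeration raised in its comments, as an added example that is not part of the original thread. It swaps the plain hash for a keyed HMAC (a choice made for this example), and the table layout, key and sample rows are constructed.

```python
import hashlib
import hmac
import sqlite3
from datetime import date, timedelta

# Assumption: constructed demo key; a real one lives outside the database.
INDEX_KEY = b"constructed-demo-key"

def dob_token(dob):
    """Keyed hash of a DOB: equal dates give equal tokens, so '=' still works."""
    return hmac.new(INDEX_KEY, dob.isoformat().encode(), hashlib.sha256).hexdigest()

def age_on(dob, today):
    return today.year - dob.year - ((today.month, today.day) < (dob.month, dob.day))

def tokens_for_age_range(lo, hi, today):
    """Token of every possible DOB whose age on `today` lies in [lo, hi]."""
    day = date(today.year - hi - 1, 1, 1)
    last = min(today, date(today.year - lo, 12, 31))
    tokens = []
    while day <= last:
        if lo <= age_on(day, today) <= hi:
            tokens.append(dob_token(day))
        day += timedelta(days=1)
    return tokens

def find_by_age(conn, lo, hi, today):
    """Join against a temp table of tokens (avoids a huge IN (...) list)."""
    conn.execute("CREATE TEMP TABLE IF NOT EXISTS wanted (token TEXT PRIMARY KEY)")
    conn.execute("DELETE FROM wanted")
    conn.executemany("INSERT INTO wanted VALUES (?)",
                     [(t,) for t in tokens_for_age_range(lo, hi, today)])
    rows = conn.execute("SELECT u.name FROM users u JOIN wanted w "
                        "ON w.token = u.dob_token ORDER BY u.name")
    return [r[0] for r in rows]

def build_demo_db():
    """Constructed sample rows; dob_enc stands in for the app-encrypted DOB."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, dob_enc BLOB, dob_token TEXT)")
    people = {"ana": date(1960, 3, 10), "bo": date(1968, 6, 30),
              "cy": date(1958, 6, 16), "di": date(1990, 1, 1),
              "ed": date(1958, 6, 15)}
    for name, dob in people.items():
        conn.execute("INSERT INTO users VALUES (?, ?, ?)",
                     (name, b"<ciphertext>", dob_token(dob)))
    conn.execute("CREATE INDEX ix_users_dob_token ON users (dob_token)")
    return conn

if __name__ == "__main__":
    print(find_by_age(build_demo_db(), 55, 65, date(2024, 6, 15)))
```

Equal birth dates produce equal tokens, so the token column reveals which users share a DOB, and anyone holding the key can enumerate every date; the index key needs the same protection as the encryption key.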
+1  A: 

If you're sure that would still be in compliance, then I suppose it could work. You may need to bring back 2 years' worth of YOB and then do some additional filtering on the application side to make sure you only return people who really are the requested age though.

AlexCuse