0

I am hashing some sensitive values to support a search mechanism, as decrypting the values at run-time would be time consuming. I'm using SHA-512 with salt.

For now, things look good. I have the hashes of the original values stored in the DB that were hashed with a defined salt. Whenever a user tries to search with the search parameter, the input value gets hashed with the same salt and I simply match the two hashed values. That suffices for my work.

But now, I want to offer partial search. So, if I have the hash values of "Hello", "Hi", "Howdy" stored and if the user enters "H", all three values should be matched and retrieved.

Is it possible to obtain this functionality?

Anders
  • 2
    This is a programming question, not a security question. –  Jul 03 '19 at 11:59
  • 2
    I think it is borderline but it is about using hashes to secure data and search them at the same time without compromising security. I think it is NOT off-topic because of that. Let's not overmoderate here, if it is not needed. – Peter Harmann Jul 03 '19 at 12:57

3 Answers

4

No, this is not possible with hashes. Hashes are specifically designed to prevent this, otherwise an attacker wanting to obtain the hashed value could start by checking the first letter, then the next...

Also, you are likely using salt wrong.

Peter Harmann
0

No, you cannot do it.

You want your salts to be long, random or random-like, and unique. Otherwise, an attacker can make a rainbow table for your database based on the salt. Then you will fall victim to targeted precomputation.

Patriot
0

Is it possible to obtain this functionality?

No. In fact, having this functionality would make your hash trivially reversible.

Imagine that there is some row that an attacker wants to reverse the hash for. They can:

  • Perform a search for every letter alone (e.g. "A" … "Z"), and check which one of those searches returns the row they are looking for

  • Take that letter, then append every possible second letter (e.g. "HA" … "HZ"), and check which one of those searches returns the row they are looking for

  • etc, continue until the row is found.
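
The leak described in the answer above can be measured with a small simulation; this is an added example, not part of the original answer. The `PrefixSearch` class, the `recover_value` and `brute_force_space` helpers, and the uppercase sample rows are all hypothetical and constructed here for illustration. It counts how many queries a prefix-capable search needs to disclose one stored value, compared with the candidate space when only exact-match search exists.

```python
import string

# Constructed sample data: row id -> sensitive value (not from the original post).
ROWS = {1: "HELLO", 2: "HI", 3: "HOWDY"}
ALPHABET = string.ascii_uppercase


class PrefixSearch:
    """Hypothetical search feature. How values are stored (hashed, encrypted,
    plain) is irrelevant: only the answers returned are visible to the caller."""

    def __init__(self, rows):
        self._rows = rows
        self.queries = 0  # every lookup is counted

    def search(self, prefix):
        self.queries += 1
        return {rid for rid, v in self._rows.items() if v.startswith(prefix)}

    def exact(self, value):  # exact-match lookup, as in the question's current design
        self.queries += 1
        return {rid for rid, v in self._rows.items() if v == value}


def recover_value(service, row_id, alphabet=ALPHABET, max_len=64):
    """Rebuild the value behind row_id one character at a time from search results."""
    known = ""
    while len(known) < max_len:
        if row_id in service.exact(known):
            return known  # full value confirmed
        for ch in alphabet:
            if row_id in service.search(known + ch):
                known += ch
                break
        else:
            return None  # no such row, or a character outside `alphabet`
    return None


def brute_force_space(length, alphabet=ALPHABET):
    """Candidates of exactly `length` characters when only exact match is offered."""
    return len(alphabet) ** length


if __name__ == "__main__":
    svc = PrefixSearch(ROWS)
    print(recover_value(svc, 3), svc.queries, brute_force_space(5))
```

The query count grows linearly with the value's length (at most `(len(alphabet) + 1) * n + 1`), while the exact-match candidate space grows exponentially, which is the sense in which partial search makes the stored hash reversible.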