im trying to find a good way to allow searches against encrypted data in the database. Lets say i want to encrypt phone numbers, if its encrypted securely i cant search against phone numbers directly which hurts the application abilities. From what i understood there is a main pratice that is still performant and secure enough, which is a blind index.
I wanted to know what security vulnerabilities exists for creating a blind index in this way:
- encrypt phone first using AES-CBC with a deterministic IV.
- hash the result of the encryption with SHA-512 without salting.
- store the data in the index column.
Help would be appreciated.
