This is part of the Semicolon&Sons Code Diary - consisting of lessons learned on the job. You're in the security category.
Last Updated: 2024-11-21
I was storing medical test data in the Project S database. The test was either
positive or negative. My first instinct was to encrypt the result. But I
realized just in time that a simple encrypt(result) call would cause all
positive items to have the same encrypted text. Thus if you knew one patient's
result was positive, you knew them all.
I got around this by adding another field that varied with each record, such
that there would be no discernible pattern in the encrypted text: encrypt(result, uuid)