Rotating Alogrthim to link data between 2 sql tables

[cooldude832]

I have though about a system to link some sensative data to the user's actual data using 2 tables (or more maybe) such as

Table1 (user data)

ID

Name

Address

Phone

Email

etc

 

Table 2(Secure data

EncryptedID

Encrypted' SSN

salt

salt'

etc

 

My idea is to store this data in a secondary table that has an encrypted version of the ID number (not encrypted, but algrothimically stored version of the original.  I'm trying to create some sort of method that makes the algorthimn dynamic, any ideas?

[btherl]

Dynamic in what way?

[cooldude832]

that the salt/key is dependent on the time it was developed, or some other factor where you could decrypt one key yet fail on another with the same methods, but work on another.

[pocobueno1388]

The function uniqid() creates a random unique ID depending on the time. It will never generate the same id.

www.php.net/uniqid

 

I'm not sure if that will be of use or not.

[btherl]

that the salt/key is dependent on the time it was developed, or some other factor where you could decrypt one key yet fail on another with the same methods, but work on another.

 

Salting is definitely a good idea, otherwise you can tell when two users have the same data.  But as for accessing the data, the program accessing it must know how to decrypt it.  Will that depend on something input by the user?  Otherwise it must be the same key for all users.

[cooldude832]

well this is what I'm thinking  the whole idea is based on ascii Values of characters. 

the string will be exploded, then each character converted to an integer

then based on the salt it will go through a series of conversions that are not very easy to follow

Then the new ASCII value is then convereted to characters and stored with the salt

 

The trick is the salt is rotating ID()  this value is used as the salt.

I guess I need to develop a method to this now.  I'll try some thigns

[cooldude832]

This is what I came up for a basic encryption, mind you its very basic, but I can see improvements

http://pira00.worldispnetwork.com/algo.php?key=Pizza+Sauce

 

[btherl]

Let's back up a little - what is the purpose of encrypting the secondary data table?  What are you trying to achieve?

[aschk]

What about a mutating genetic algorithm ? I'm sure that would suffice. Now who wants to write one  :-\

[btherl]

I don't see how genetic algorithms would help.  The problem in all cases is that you still need to decrypt the data, and that defeats any system that doesn't rely on the user to provide some kind of secret.  I think the fundamental idea is flawed.

[cooldude832]

what you mean a secret, you have to have something to encrypt in the first place

[btherl]

I mean that the program that decrypts the data must have access to a secret allowing the data to be decrypted.  The "secret" could be a sequence of 128 bits, for example.  Now the problem is that if the program knows this secret and can decrypt the data, then a hacker can examine the program, find the secret and ALSO decrypt the data.

 

This is true regardless of what algorithm you use to encrypt the data.

 

So I am still not sure what you are proposing - how will this method ensure that someone with access to the database cannot access the data while still allowing the programs that are intended to access the data to access it?