Hi all,

from what I understand, the default initialization vector used by CipherServices like AesCipherService is used to ensure distinct ciphertexts are produced even when the same plaintext is encrypted multiple times independently with the same key. Is there a way to configure AesCipherService to generate the same ciphertext from the same plaintext? Would it be too weak a strategy?

Just to give you some background on what I am trying to do: I am a committer of the Apache OFBiz project and I am trying to integrate Apache Shiro in OFBiz to replace the two-way encryption services that are used by OFBiz to encrypt/decrypt database fields containing sensitive information like credit cards and SSN. The current OFBiz implementation relies on a custom (weak) mechanism that embeds a salt in the 3DES encrypted data; in this way it is possible to do some lookups on encrypted data, for example to select a person by matching SSN, even if the SSN is encrypted. Any suggestion on how I could achieve the same using Shiro cryptographic support?

Thanks,
Jacopo
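The trade-off raised in the message above, as an added example that is not part of the original post and is not Shiro or OFBiz code: it uses the JDK's `javax.crypto` AES-CBC directly to compare a random IV per encryption with a constant IV. The class name `IvDemo`, the all-zero IV and the sample field values are assumptions constructed for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class IvDemo {  // hypothetical class name
    static final SecureRandom RNG = new SecureRandom();

    // AES-CBC encrypt; the IV is prepended so the stored value can be decrypted later.
    static byte[] encrypt(SecretKey key, byte[] iv, String plaintext) throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    static byte[] randomIv() {
        byte[] iv = new byte[16];  // AES block size
        RNG.nextBytes(iv);
        return iv;
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        byte[] fixedIv = new byte[16];  // constant all-zero IV (assumption for the demo)
        String ssn = "000-12-3456";     // constructed sample value

        // Random IV: the same plaintext yields unrelated ciphertexts, so equality lookups fail.
        boolean randomEqual = Arrays.equals(encrypt(key, randomIv(), ssn),
                                            encrypt(key, randomIv(), ssn));
        // Fixed IV: ciphertexts match, which enables lookups but also shows anyone
        // reading the column which rows hold the same value.
        boolean fixedEqual = Arrays.equals(encrypt(key, fixedIv, ssn),
                                           encrypt(key, fixedIv, ssn));
        // Fixed IV in CBC also reveals a shared first 16-byte block of different values.
        byte[] a = encrypt(key, fixedIv, "4111111111111111|2025-01");  // constructed test values
        byte[] b = encrypt(key, fixedIv, "4111111111111111|2027-09");
        boolean sharedPrefixVisible = Arrays.equals(Arrays.copyOfRange(a, 16, 32),
                                                    Arrays.copyOfRange(b, 16, 32));

        System.out.println("random IV, ciphertexts equal: " + randomEqual);
        System.out.println("fixed IV, ciphertexts equal: " + fixedEqual);
        System.out.println("fixed IV, shared first block visible: " + sharedPrefixVisible);
    }
}
```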
