Question about acra HOT 2 CLOSED

1. In HMAC we use one more part for hashing - client's key. It cryptographically separates searchable pieces of the encrypted data between clients. For example, when you use just hashing for first name encryption, you get HASH("John") == Hash("John"). So an attacker will know all rows in the database with similar names. If he has own created row (by the legal UI or user flow as standard user) with name "John", he can find own row with hash of this first name, and then find all "John"s in the database. When we use separate keys for every client then an attacker can find only similar values in the set of rows of one client, not all in the database, and all other client data are not compromised. HMACing values add one more dimension of values. With set of 10k unique first names hashing produces 1D dimension of 10k values. Using HMAC and unique keys per client it produces 2D dimension with X keys * 10k values
2. Connect to Acra with another TLS certificate that changes clientID used for encryption/decryption operations. In the default configuration switching between users/clients works on changing TLS certificates.
3. On encryption failures, Acra will interrupt connection processing and close connection to prevent the propagation of not protected data. To reproduce, you can start Acra, establish DB session via driver or CLI client, and after that remove/rename libthemis.so library used as crypto backend. It will cause runtime errors on key decryption operation (which always prepends any data encryption/decryption operation).

from acra.

Thanks you for you answer

from acra.