Only one iv per record

[Fleick]

Hey,
as I see :per_attribute_iv is the only encryption mode which will be supported in the future. According to the (new) Data Privacy rights in the EU we decided to encrypt some data in the database for savety.
Although I see the benefits of one iv per attribute for high security data, I would like to use one iv column per record for our application to save storage. In our opinion this kind of encryption is sufficient for data like first_name or place_of_birth of a person. Since we want to encrypt 7 columns only in the people table, the saving would be quite big. Is there a way to realize this?

[pmichaeljones]

Hi @Fleick. Just fork the repo and create your own branch. Others might be interested in using it as well.

[ankane]

Just fyi, this is not secure with AES-GCM (the default for attr_encrypted). If you reuse the same IV with the same key to encrypt two different messages, it leaks information about the encryption key. https://csrc.nist.gov/csrc/media/projects/block-cipher-techniques/documents/bcm/joux_comments.pdf