I ran across the issue of having to salt results so the same clear text would result in different encrypted string. The technique I found was to add 4 random bytes at the beginning of what was being encrypted. These bytes can then be used to alter further encryption downstream. So, encrypting the same string multiple times in a row will always yield different results because the first encrypted block of data (lets say the first 8 bytes) contains 4 randomly generated bytes. The next 8 bytes are salted with the value of the first 4 bytes. The randomly generated 4 bytes are encrypted along with the rest of the data.
Decryption starts with the starting block (the first 8 bytes), recuperating those 4 bytes which can then be used to complete the decryption downstream. When the decrypted result is returned, the 4 bytes are discarded.
This means that it is not necessary for the encryption to be passed a salt value. So searches on encrypted data, such as using WHERE clause and ORDER BY, should work. The security requirement that a given piece of information be encrypted differently even when it is the same is satisfied by this technique.
Thanks.
