Hi HN:
I've got a question I've been struggling with for a while. I want to build a platform for my PhD research where I can ask patients to fill in questionnaires about health and mobility. This would be a great speed-up over the usual approach with the questionnaires on paper.
I've designed a system with public key encryption of the data fields but I need a way to identify patients to serve the required questionnaire. This is usually done with patient numbers like this: 88811121, an INT of 7-8 characters. Hashing is easily reversed because of the small number of possibilities.
How can I protect the ID while still identifying patients with this? My approach would be: patient number + calculated salt in a bcrypt/scrypt/PBKDF2 style approach.
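Added example, not part of the original post: a Python sketch that compares an unsalted hash of the patient number with the PBKDF2 approach described above, and estimates how long it takes to compute a token for every possible 8-digit number. It assumes the "calculated salt" is derived from the patient number itself so the same patient always maps to the same token; the function names, the iteration count and the 1,000-number window are constructed for illustration.

```python
import hashlib
import time

KEYSPACE = 10**8  # every patient number of up to 8 digits, as in the post

def plain_hash(patient_no: int) -> str:
    """Unsalted SHA-256 of the patient number."""
    return hashlib.sha256(str(patient_no).encode()).hexdigest()

def calculated_salt(patient_no: int) -> bytes:
    # Assumption: the salt is computed from the number itself, so the same
    # patient always yields the same token and can be looked up again.
    return hashlib.sha256(b"salt:" + str(patient_no).encode()).digest()[:16]

def kdf_token(patient_no: int, iterations: int = 100_000) -> str:
    """PBKDF2-HMAC-SHA256 of the patient number with the calculated salt."""
    pw = str(patient_no).encode()
    salt = calculated_salt(patient_no)
    return hashlib.pbkdf2_hmac("sha256", pw, salt, iterations).hex()

def enumerate_ids(target: str, candidates, token_fn):
    """Return the candidate whose token equals target, or None."""
    for candidate in candidates:
        if token_fn(candidate) == target:
            return candidate
    return None

def seconds_per_token(token_fn, samples: int = 20) -> float:
    """Average wall-clock time to compute one token on this machine."""
    start = time.perf_counter()
    for i in range(samples):
        token_fn(10_000_000 + i)
    return (time.perf_counter() - start) / samples

def full_keyspace_hours(token_fn) -> float:
    """Single-core time to compute a token for every possible number."""
    return seconds_per_token(token_fn) * KEYSPACE / 3600

if __name__ == "__main__":
    window = range(88_811_000, 88_812_000)  # constructed 1,000-number window
    # The unsalted hash maps straight back to the number from the post.
    print(enumerate_ids(plain_hash(88811121), window, plain_hash))
    print(f"plain SHA-256: {full_keyspace_hours(plain_hash):.2f} h")
    print(f"PBKDF2 100k:   {full_keyspace_hours(kdf_token):.0f} h")
```

The slow KDF multiplies the cost per guess, but the number of guesses stays fixed at 10^8 because the salt is computable from the same small input.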