> My company needs deterministic encryption to search encrypted data.

I'll take things you should never do as a non-expert for $100.

> The first version uses AES-CFB. There's no authentication. It's probably copy-pasted from a public Gist and nobody ever commented that it is insecure. I wonder if it was actually intended to be the non-deterministic version, but the higher level wrappers do not wrap this function so people didn't actually use it.

Lack of authentication is probably the least of your concerns if your product is searching over encrypted data.