encryption

Discussion in 'Databases' started by duncwilson, Feb 14, 2010.

  1. #1
    Hi there,

    I know it is easy to encrypt password files but I have a client with sensitive data - is it possible to encrypt whole DB ? Will this cause performance issues ?

    Thanks
     
    duncwilson, Feb 14, 2010 IP
  2. jestep

    #2
    What database are you using?

    With some databases it is possible to encrypt the entire database on disk.

    There are a few options you have depending on the database that you are using. If you are using MySQL or a database that doesn't support encrypted tables, you would need to use an encrypted file system and then individually encrypt/decrypt data as it is inserted and selected from the database. MSSQL and the more advanced databases support table and full database encryption, which can greatly reduce the overhead that is caused by encrypting on the fly.

    In any case, key management is the biggest concern, as you must use a key to decrypt data. The security of the data is only as secure as how the key is managed. Since passwords are normally stored using an irreversible hash, key management isn't important. Also, encryption always affects performance. How much really depends on how your encryption works, how large the data is, and your usage.
     
    jestep, Feb 15, 2010 IP
  3. duncwilson

    #3
    Hi - thanks for the reply

    I am using MySQL and I think it supports encryption, as all password fields are encrypted
     
    duncwilson, Feb 18, 2010 IP
  4. jestep

    #4
    For MySQL you will want to use the built-in functions AES_ENCRYPT and AES_DECRYPT for strong reversible encryption. The PASSWORD function again creates a hash, which is not reversible.

    http://dev.mysql.com/doc/refman/5.1/en/encryption-functions.html

    For reversible encryption, use the AES functions. AES is a strong, government-approved encryption method. Make sure you use a strong key as well. Something like: m48yK2i3V&K!LwHI

    If you need the entire server encrypted as well, make sure to use an encrypted file system. Both Windows and Linux support types of EFS.
     
    jestep, Feb 18, 2010 IP
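
Column-level encryption with the AES functions recommended in post #4, as an added example that is not part of the original thread. The table, column and variable names and the key value are hypothetical, and the mode and IV handling assume MySQL 5.6.17 or later; the 5.1 manual linked above documents only the two-argument form.

```sql
-- Added example, not code from the thread. All names and values are constructed.
-- Assumes MySQL 5.6.17+ for block_encryption_mode, RANDOM_BYTES() and the
-- init_vector argument. On 5.1 only AES_ENCRYPT(str, key) / AES_DECRYPT(crypt, key)
-- exist.

CREATE TABLE client_record (
    id      INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
    name    VARCHAR(100) NOT NULL,
    -- Ciphertext is binary, not text. Its length is
    -- 16 * (FLOOR(plaintext_bytes / 16) + 1), so 32 bytes holds up to 31 bytes.
    ssn_enc VARBINARY(32) NOT NULL,
    -- One random IV per row, stored next to the ciphertext (it is not secret).
    ssn_iv  BINARY(16) NOT NULL
);

-- The server default mode is aes-128-ecb, which encrypts equal plaintext blocks
-- to equal ciphertext blocks. Select a CBC mode for the session instead.
SET SESSION block_encryption_mode = 'aes-256-cbc';

-- Key management: the application supplies the key for the session and it is
-- never stored in the database. Placeholder 32-byte key shown as hex; a real
-- key comes from wherever the application keeps its secrets.
SET @data_key = UNHEX(REPEAT('00', 32));

-- Encrypt on insert with a fresh IV for every row.
SET @iv = RANDOM_BYTES(16);
INSERT INTO client_record (name, ssn_enc, ssn_iv)
VALUES ('Constructed Name', AES_ENCRYPT('123-45-6789', @data_key, @iv), @iv);

-- Decrypt on select. AES_DECRYPT returns a binary string, so cast it back.
SELECT id,
       name,
       CAST(AES_DECRYPT(ssn_enc, @data_key, ssn_iv) AS CHAR) AS ssn
FROM client_record;

-- With the wrong key AES_DECRYPT returns NULL when it detects bad padding,
-- but it can also return garbage, so NULL alone is not an integrity check.
SELECT AES_DECRYPT(ssn_enc, UNHEX(REPEAT('11', 32)), ssn_iv) IS NULL AS rejected
FROM client_record;

-- The key and plaintext are part of the statement text: they cross the network
-- in cleartext unless the connection uses TLS, and they appear in any server
-- log the statement is written to.
```

Encrypted columns cannot be searched or indexed by their plaintext value, which is part of the performance cost raised in post #2.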