  1. #1
    Linux Enthusiast
    Join Date
    Apr 2004
    Location
    UK
    Posts
    682

    MySQL encryption functions


    I was looking at the hashing and encryption functions in MySQL recently and I came up with an odd question.

    Is there any situation where encryption should be done in the database when it could be done at the client?

    To expand on that a bit more. If the database is encrypted, and the client does the decrypting, then the key never needs to travel to the database, the data never passes over the network in the clear, and the processing load required to decrypt the data is moved from the server to the client allowing for (a bit) better scaling.

    If the server handles the decryption then the exact opposite is true, and I can't think of any reason why you'd want to do that if you didn't have to.

    I understand why the server-side hashing functions would be used, and I can see how the encryption functions could be handy if you didn't have a choice, but I'm looking for a scenario where you have the choice and server-side is better.
    To be good, you must first be bad. "Newbie" is a rank, not a slight.

  2. #2
    Linux Enthusiast
    Join Date
    Apr 2004
    Location
    UK
    Posts
    682
    Bump.

    If I don't get a reply this time around, I'll give up on it.

    Chris...
    To be good, you must first be bad. "Newbie" is a rank, not a slight.

  3. #3
    Linux Newbie
    Join Date
    Aug 2005
    Location
    Sterling, VA
    Posts
    100
    I can't think of one off the top of my head.

    I do use the md5 function sometimes. Like recently I had some trouble when I was setting up a phpbb, and I couldn't get logged into the admin account. The passwords are hashed with md5, so I was able to set the password to something I knew that way.

    Most web applications won't have access to client side hashing/encryption. JavaScript doesn't do it now, does it?
    - EndianX -

  5. #4
    Linux User
    Join Date
    Jul 2005
    Posts
    369
    Quote Originally Posted by EndianX
    I can't think of one off the top of my head.

    I do use the md5 function sometimes. Like recently I had some trouble when I was setting up a phpbb, and I couldn't get logged into the admin account. The passwords are hashed with md5, so I was able to set the password to something I knew that way.

    Most web applications won't have access to client side hashing/encryption. JavaScript doesn't do it now, does it?
    PHP supports crypt and md5 hashing functions
    All I want for Christmas is a new liver....a second chance to get afflicted with Cirrhosis

  6. #5
    Just Joined!
    Join Date
    Jan 2006
    Posts
    6
    I don't think the MySQL development team are putting a lot of effort into the encryption side of their database yet.....

    I am sure if you sent them an email they could give you a load of information on it. They seem to reply to my emails with a lot of information.

    Give it a try

    Good luck

  7. #6
    Just Joined!
    Join Date
    Jan 2006
    Posts
    71
    Why not encrypt both? I know PHP supports the md5 and I think sha for encryption. The data won't be "traveling in the clear" either way then.

  8. #7
    Linux Enthusiast
    Join Date
    Apr 2004
    Location
    UK
    Posts
    682
    Thanks for your answers everyone, it's pretty much sizing up the way I expected it to.

    Yes, I can definitely see them being useful. Particularly in situations where you want to set up encryption after the fact. Keeping the data inside the database for massive conversions would improve performance for that operation. Also, encryption can be coded into JavaScript, but you're right, I don't think it supports encryption natively (and the JavaScript versions are really slow).

    PHP does have useful encryption functions too, but I still reckon if you have the choice client side is better all round.

    I am sure if you sent them an email they could give you a load of information on it. They seem to reply to my emails with a lot of information.
    Good idea. If I get anything particularly interesting, I will post it here too.

    Chris...
    To be good, you must first be bad. "Newbie" is a rank, not a slight.
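
The trade-off weighed in this thread (key and plaintext reaching the server versus staying on the client), as an added example that is not part of the original posts. The `notes` table, the sample text and the helper names are assumptions; `AES_ENCRYPT(str, key_str)` is MySQL's built-in, and AES-256-GCM from Node's `crypto` module stands in for the client-side cipher.

```javascript
const crypto = require('node:crypto');

// Constructed sample values (not from the thread).
const KEY = crypto.randomBytes(32);
const SECRET = 'constructed sample: account recovery note';

// Server-side: plaintext and key both travel to MySQL as parameters,
// and AES_ENCRYPT(str, key_str) runs on the database host.
function serverSideStatement(plaintext, key) {
  return {
    sql: 'INSERT INTO notes (body) VALUES (AES_ENCRYPT(?, ?))',
    params: [plaintext, key.toString('hex')],
  };
}

// Client-side: AES-256-GCM before the query is built, so the server
// only ever receives nonce || tag || ciphertext.
function clientSideStatement(plaintext, key) {
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const blob = Buffer.concat([nonce, cipher.getAuthTag(), ct]);
  return { sql: 'INSERT INTO notes (body) VALUES (?)', params: [blob] };
}

// Reverses clientSideStatement; throws if the stored blob was altered.
function clientDecrypt(blob, key) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  const pt = Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
  return pt.toString('utf8');
}

// Does anything sent to the server contain `needle` in the clear?
function exposes(stmt, needle) {
  return Buffer.concat(stmt.params.map((p) => Buffer.from(p))).includes(needle);
}

const onServer = serverSideStatement(SECRET, KEY);
const onClient = clientSideStatement(SECRET, KEY);
console.log('server-side sends plaintext:', exposes(onServer, SECRET));
console.log('server-side sends key:      ', exposes(onServer, KEY.toString('hex')));
console.log('client-side sends plaintext:', exposes(onClient, SECRET));
console.log('client round trip ok:       ', clientDecrypt(onClient.params[0], KEY) === SECRET);
```

With the server-side form, a TLS connection to the database protects the parameters in transit, but the database host still handles both the key and the plaintext.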

  9. #8
    Linux User
    Join Date
    Jul 2005
    Posts
    369
    MySQL 5 has encryption support, and it's good support as it can support AES cryptography (practically unbreakable at the moment). I've only read a bit on it and I'm going to be playing with MySQL 5 at the end of my semester for uni.
    All I want for Christmas is a new liver....a second chance to get afflicted with Cirrhosis

  10. #9
    Just Joined!
    Join Date
    Oct 2007
    Posts
    1
    There are many ways to achieve what you want. You can use the dm-crypt tool to encrypt your partition. You can use loopback encryption to protect the database directory. For access control, use SELinux (for RH) or AppArmor (SuSE). There are some enterprise products available out there also; look for security-general for mysql from Packet GENERAL Networks™

    Quote Originally Posted by kakariko81280 View Post
    I was looking at the hashing and encryption functions in MySQL recently and I came up with an odd question.

    Is there any situation where encryption should be done in the database when it could be done at the client?

    To expand on that a bit more. If the database is encrypted, and the client does the decrypting, then the key never needs to travel to the database, the data never passes over the network in the clear, and the processing load required to decrypt the data is moved from the server to the client allowing for (a bit) better scaling.

    If the server handles the decryption then the exact opposite is true, and I can't think of any reason why you'd want to do that if you didn't have to.

    I understand why the server-side hashing functions would be used, and I can see how the encryption functions could be handy if you didn't have a choice, but I'm looking for a scenario where you have the choice and server-side is better.
