http://www.perlmonks.org?node_id=877383


in reply to Deterministic asymmetric encryption [Crypt::RSA]

The approach that I would take here is ... secure the channel.   Use certificates to authenticate the users (and to secure the communications with each).   Use existing standard protocols to do this, not one that you have rolled.   Put the information on a highly-secured server which will only communicate with bearers of currently-valid credentials.   The information that passes through the secured channel can be plaintext, since it passes between parties with mutually-assured identities.   The database files are encrypted using a key known only to the server:   these services are already readily-available in any major server.   I would advocate avoiding use of deterministic encryption altogether, because I do not think it will ever provide the data-security and data-integrity that you need.

I fail to see why you should be having to “roll your own anything” to accomplish this...   This is hardly an atypical or novel requirement.

Replies are listed 'Best First'.
Re^2: Deterministic asymmetric encryption [Crypt::RSA]
by andreas1234567 (Vicar) on Dec 16, 2010 at 06:03 UTC
    secure the channel.
    I will protect data in transit. I also need to protect data at rest. Either is not sufficient.
    The database files are encrypted using a key known only to the server:
    Security regulations (e.g. like this) require protection against insider threats to make sure data does not escape, e.g. when backed up. To have a (symmetric) key and the data on the same server is out of question.
    I would advocate avoiding use of deterministic encryption altogether, because I do not think it will ever provide the data-security and data-integrity that you need.
    I would normally agree, but in this case I feel the disadvantage of a less secure encryption model is probably outweighted by the advantages of not having the (symmetric) key and the data on the same server.

    There are apparently advances in cryptography research (e.g. here (RSA-DOAEP), here, and here) that suggests that deterministic asymmetric encryption is becoming increasingly secure. It takes of course a long time for new algorithms to find its way into actual, usable implmentations.

    This is hardly an atypical or novel requirement.
    I would compare it with to store data encrypted on your server that a root user does not have access to. I would be glad to use an of-the-shelf solution. Do such exist?

    Thanks for your feedback.

    --
    No matter how great and destructive your problems may seem now, remember, you've probably only seen the tip of them. [1]
[reply]

      Don't know how secure deterministic asymmetric encryption (lets call it DAE) is, but you want it to fill out exactly the role for which hashes aka trap-door functions were invented.

      I'm actually working in a facility for cryptographic research and I asked someone who should know the actual research in the field. He told me that there is not much research about the strength of DAE, I suspect because there are much better alternatives.

      Usually you would do the following: Store the data with symmetric encription and a random key that is encrypted with asymmetric encryption (this method is standard for any data bigger than a few hundred bytes, since asymmetric encryption is very slow). Beside this store the hash of the data. At the moment sha256 seems to be the hash everyone uses, with sha512 for the really paranoid.

      As you can see this fulfills all your requirements

[reply]

In Section Seekers of Perl Wisdom