
Re: Cryptology in the database

by moritz (Cardinal)
on Mar 31, 2008 at 14:53 UTC

in reply to Cryptology in the database

There's no pre-built solution on CPAN because there are two possible cases:

  1. You have a storage location that is more secure than your database
  2. You don't have such a location

In case 1) you can just store the keys there; the rest is a SMOP (small matter of programming).

In case 2) you're lost anyway. Even if you obscure the keys in a very clever way, you'll still have code that reverses that process (otherwise you couldn't access the keys).

Now if somebody has access to your database, he will probably have access to your code as well, make a copy of it, and dump the keys after the deobfuscation.

So anything that is in case 2) just gives a false sense of security, and is IMHO not worth considering.

Re^2: Cryptology in the database
by andreas1234567 (Vicar) on Mar 31, 2008 at 19:04 UTC
    there are two possible cases.
    I don't find it all black or white. Consider an application server with a symmetric key stored in plain text on disk, connected to a database server which performs symmetric encryption on the data. Although the protection against an online attacker having filesystem access on the application server is very poor, it will still protect well against offline attacks on lost or stolen database disks.
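
An added example, not part of either post above: a preflight check in Perl (core modules only) that reports why a key file is not better protected than the database files, including the lost-or-stolen-disk case raised in the reply. The function name, the file names and the three checks are assumptions chosen for illustration, and the checks assume a POSIX filesystem.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(:mode);
use File::Temp qw(tempdir);

# Return a list of findings explaining why $key_path is NOT a safer
# location than $db_path. An empty list means none of these
# (illustrative, assumed) checks found a problem.
sub key_separation_findings {
    my ($key_path, $db_path) = @_;
    my @key = stat($key_path) or return ("cannot stat key file: $!");
    my @db  = stat($db_path)  or return ("cannot stat database file: $!");
    my @findings;

    # Field 2 is the mode: any group/other permission bit widens access.
    push @findings, 'key file is accessible to group or others'
        if $key[2] & (S_IRWXG | S_IRWXO);

    # Field 0 is the device: on the same device, a lost or stolen disk
    # carries both the ciphertext and the key.
    push @findings, 'key file is on the same device as the database'
        if $key[0] == $db[0];

    # Field 4 is the owner uid: with the same owner, whoever can read the
    # database files as that user can read the key as well.
    push @findings, 'key file has the same owner as the database file'
        if $key[4] == $db[4];

    return @findings;
}

# Constructed demo: both files in one temp directory, key left at 0644.
my $dir = tempdir(CLEANUP => 1);
for my $name (qw(app.key data.db)) {
    open my $fh, '>', "$dir/$name" or die "create $name: $!";
    close $fh;
}
chmod 0644, "$dir/app.key" or die "chmod: $!";
print "FINDING: $_\n"
    for key_separation_findings("$dir/app.key", "$dir/data.db");
```

When the key lives on a separate application server, as in the reply's scenario, the device and owner checks do not apply across hosts; run the permission check on the host that holds the key.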
