Jump to content

[SOLVED] Encrypting a mysql table?

heavyEddie

By heavyEddie
in MySQL Help

 Share

Recommended Posts

MadTechie Regular Member

MadTechie

Posted
Posted

if a hacker gets in, then (s)he will have access to the decryption method used (and password), i guess SSL would be a good idea,

one *idea* to protect the records of a client you could encrypt their data with their password and have their password stored using sha1 or md5 (chaning password would then need to decrypt and re-encrypt their encrypted data)

 

probably got some holes in that idea but still, its a thought

Link to comment
Share on other sites
bubblegum.anarchy Newbie

bubblegum.anarchy

Posted
Posted

probably got some holes in that idea but still, its a thought

Yeah - the salt would have to be the encrypted password which is stored in plain text for a hacker to use as a salt against the encrypted information, the only thing stopping a hacker would be the lack of knowledge that the information is salted with the encrypted password.

Link to comment
Share on other sites
MadTechie Regular Member

MadTechie

Posted
Posted

probably got some holes in that idea but still, its a thought

Yeah - the salt would have to be the encrypted password which is stored in plain text for a hacker to use as a salt against the encrypted information, the only thing stopping a hacker would be the lack of knowledge that the information is salted with the encrypted password.

 

No the USERS password would be the password to the data related to that client, their be no point using something thats stored in the system!!

Link to comment
Share on other sites
MadTechie Regular Member

MadTechie

Posted
Posted

Then one way encryption (md5/sha1) on the password would not be possible since decrypting would be required when applying the password as a salt to other information stored in a database.

 

you have totally missed the point.. it wouldn't affect the password stored at all!

 

have 2 salts and 1 hash..

when they login use

md5($_POST['pass']+salts1) = user login password

to decrypt data use

md5($_POST['pass']+salts2)  = data password (store in session)

i would use 2 salts to make it a little more secure

 

of course system data would require its own password and datamanagement would be a nightmare but as i said its an idea and changing the user password would mean your have to update all their info,

 

does that make sense ?

Link to comment
Share on other sites
bubblegum.anarchy Newbie

bubblegum.anarchy

Posted
Posted

have 2 salts and 1 hash..

when they login use

md5($_POST['pass']+salts1) = user login password

to decrypt data use

md5($_POST['pass']+salts2)  = data password (store in session)

i would use 2 salts to make it a little more secure

 

does that make sense ?

 

No... but then again I do not really need to understand.

 

What I initially understood was that the encrypted password would be used as the key string in des_encrypt thusly:

 

SELECT @key_string := md5('secure_password');

UPDATE the_table SET the_field = des_encrypt('Some sensitive information stored in the database', @key_string);

SELECT des_decrypt(the_field, @key_string) FROM the_table

Link to comment
Share on other sites
MadTechie Regular Member

MadTechie

Posted
Posted

no the users password would be the key, so each of the "clients details" would be protected by their own password (while secure a nightmare to manage)

 

(infact the key is the resulting hash from the 2nd salt and the users password)

 

i would also point out this itsn't something i would recommand doing but more or idea to maybe spark others

Link to comment
Share on other sites
igor berger Member

igor berger

Posted
Posted

This is good encrypting all the records in a data base.

 

So if anyone breaks in to your database, they will just see Salt! :)

 

But when you transporting the data over the internet it will be decrypted on the server before transport!

 

So maybe if you do not trust SSL or want additional level of encryption use JavaScript encryption...

extra salt - client side.

Link to comment
Share on other sites
  • 2 weeks later...
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.