Is encrypting the database an efficient measure? How to protect data against leaks?

Asked

Viewed 2,197 times

3

With the recent problems of password leaks and personal information from the most diverse sites, there is evidence of a lack of zeal regarding the storage of such information by certain companies, showing total disregard for the trust of the user who provides such sensitive data.

Some programmers although use hashs to protect passwords, ignore the salt. Or, although passwords are protected, other information such as emails, addresses and credit card numbers are saved in plain text.

  1. Database encryption is the solution?
  2. What are the pros and cons of this solution?
  3. And as for the use of algorithms hash, what should be used and how best?
  4. As other information (ex: e-mail, telephone and addresses) must be stored?
  5. How these measures affect application performance?
database security-guard
  • 5

    I found a lot of questions for just one question.

  • Did any of the answers solve your problem? Do you think you can accept one of them? If you haven’t already, see [tour] how to do this. You would help the community by identifying the best solution for you. You can only accept one of them, but you can vote for any question or answer you find useful on the entire site.

2 answers

7

Yes, it is. If you use a suitable mechanism, usually provided by the databases themselves.

Some provide the possibility to encrypt only a few parts, a column, for example.

They can also offer different encryption methods. You need to choose one suitable to what you want.

Note that password usually deserves a different encryption from the database. A database is often encrypted so that data can be easily decrypted when needed. Generally we do not want passwords to be decrypted, which gives more security.

Data that needs to be decrypted (email, phone, and addresses) offer less security because somewhere it will be decrypted, somewhere it will have a key and a decryption algorithm. It has some techniques to increase security, but in a compromised system it doesn’t have much to do. The only way to give greater security, but far from perfect, is the decryption only occur in the client using public and private keys.

Leaks occur because they use inadequate safety techniques.

One of the most common flaws with passwords is the lack of a good salt. Another is to use hash bad.

All this is in question and create.

What is the alternative of not doing the encryption? Leave with nothing? It seems obvious to me that it is worse.

It’ll affect performance a little bit, but nothing strong.

Otherwise it can be read in the question: How to hash passwords securely?. It is practically a duplicate (at least in this part).

0

Good morning, for passwords I always use a hash sha1 or something that has no return, always merge with a key of its own as date or a text or something that varies from client to client.

To encrypt user information I advise you to generate a key for each user, it can be an md5 of a timestamp NOW() that serves. then you have a key your q no one has access that one way or another you use it along with the client key and encrypt his data passing through a crypt or a Base64 using this key.

Once this is done, whoever picks up db will already have a huge difficulty discovering its key to see the contents of the generated hashs. The guy would have to hack into your system and see in hardcode the generated key.

---- I’ll give an ex using php ----

to generate the key for each user 

$key=md5($nomedousuario.$email.date('Ymd'));

what has been done up there is to generate a single key for this user Prox step you have to have a key your or more of a key like I do but in case I will only exemplify with 1 for you to understand the process.

$minhakey="87ye7jn789heyn986db87b";

I generated a random key that you can treat her however you want. in my case I do the following

$key_completa = str_replace("7"," ",$key.$minhakey);

what has been done is to remove the number 7 ( for freshness ) and generate a unique key that nobody knows exists, this is the secret of the thing vc has q have a key q vc know how it was generated to encrypt all information so that there is a way to read it.

To encrypt the content you do the following now, let’s assume that I have the customer email and want to protect , will stay like this, Obs. use these functions I’m going through to facilitate the process.

function encrypt($data, $key){
    return base64_encode(
    mcrypt_encrypt(
        MCRYPT_RIJNDAEL_128,
        $key,
        $data,
        MCRYPT_MODE_CBC,
        "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
    )
);
}
function decrypt($data, $key){
    $decode = base64_decode($data);
    return mcrypt_decrypt(
                    MCRYPT_RIJNDAEL_128,
                    $key,
                    $decode,
                    MCRYPT_MODE_CBC,
                    "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
            );


}

to encode

$email_protegido=encrypt("[email protected]",$key_completa);

to decode

$email_legivel=decrypt($email_protegido,$key_completa);

to increase security go can hide the code that generates the key doing so.

you will transform the whole function into a base 64

echo base64_encode('$key_completa = str_replace("7"," ",$key.$minhakey);');

will return it here

JGtleV9jb21wbGV0YSA9IHN0cl9yZXBsYWNlKCI3IiwiICIsJGtleS4kbWluaGFrZXkpOw==

then just do so to run

eval(base64_decode('JGtleV9jb21wbGV0YSA9IHN0cl9yZXBsYWNlKCI3IiwiICIsJGtleS4kbWluaGFrZXkpOw=='));

so the guy who has a cess to Cod will have a hard time finding out what the q is.

of course you can use a zend to encrypt all your php increasing security

  • 2

    Explain this business of generating a time key better. And where is it? In the app? If so, what does the time have to do with it? If the server is compromised, what difference does it make? Why apply Base64? Reading these things I was afraid of what this is crypt.

  • edited, take a look now

  • 4

    MD5 is not good for passwords. But the most important was not answered, where is this key? There’s some weird stuff in that code I don’t even want to ask.

  • face the key fika a part in the database and a part in your hidden hardcode. like t said c who steal the db will never decrypt and c someone steal the Cod you have to hinder the max possible not only hiding the full key but how you generate it.

  • 1

    Yes, when the system is compromised, it takes everything and accesses in a normal way as if none of this existed. All this effort serves for nothing. At most is making it difficult to maintain the application, there is no difficulty for those who steal the information. In fact the criticism posed in the question is precisely because there are things of this kind where the person thinks he is protecting something and is not.

  • yes but ex c the person only access one part of the system he does not have access to another. why there are tools like zend that encode your source code, but nothing is 100% safe.

  • 3

    Coding the source does not help at all if the system is compromised, it will have to be decoded for use and this makes coding harmless for that purpose. The biggest problem is believing that these solutions help in something, they only pass a false sense of security.

  • you are right if the system is not well written the possibilities of break and invasion are huge

Show 3 more comments

Browser other questions tagged database security-guard

You are not signed in. Login or sign up in order to post.