Re: Two way encryption in PG??? - Mailing list pgsql-sql

From Mathijs Brands
Subject Re: Two way encryption in PG???
Date
Msg-id 20010306000625.H22983@ilse.nl
Whole thread Raw
In response to Re: Two way encryption in PG???  (clayton cottingham <drfrog@smartt.com>)
List pgsql-sql
On Mon, Mar 05, 2001 at 08:40:53AM -0800, clayton cottingham allegedly wrote:
> Boulat Khakimov wrote:
> > 
> > David Olbersen wrote:
> > >
> > > On Sun, 4 Mar 2001, Boulat Khakimov wrote:
> > >
> > > ->How do I encrypt/decrypt something in PG?
> > >
> > > Perhaps it'd be better to one-way encrypt something? Granted I don't know the
> > > details of your project, but allowing a way to "decrypt" something is rather
> > > insecure.
> > >
> > > -- Dave
> > 
> > Now, one way CC encryption doesnt really make any sense, does it :)
> > 
> > Two-way encryption algorithms like blowfish are very hard to break, too
> > bad they are
> > not build in to PG.
> > 
> 
> this could be easily done with
> PL/perl couldnt it?

It's still not clear to me why someone would want to. Having the database
server do two-way encryption doesn't really provide you with any extra
protection. Also, it puts extra strain on the database server.

If you want to store encrypted data on the server, have the application do
the encryption. That also would provide for a much more scaleable solution,
since it doesn't put any extra load on the database server. Doing the
encryption on the application end should be pretty easy.

I know there are some database(like) systems that can do this kind of stuff,
but the only advantage I can see at the moment is that when someone
physically steals your database server (or the disks), they can't read your
data. This only works when the key is NOT, again, NOT stored on disk in any
form; query the sysadmin (or someone similar) when starting the db server
instead.

Btw. don't even think about asymmetric (public key) cyphers, such as RSA.
They are MUCH too slow, both in setup and processing (throughput) time.

Cheers,

Mathijs
-- 
It's not that perl programmers are idiots, it's that the language
rewards idiotic behavior in a way that no other language or tool has
ever done.                                                   Erik Naggum


pgsql-sql by date:

Previous
From: Michael Fork
Date:
Subject: Re: Optimizing Query
Next
From: Mathijs Brands
Date:
Subject: Re: Optimizing Query