tags:

views:

267

answers:

4
+1  Q: 

Suitable alternative to CryptEncrypt

We have a situation in our product where for a long time some data has been stored in the application's database as SQL string (choice of MS SQL server or sybase SQL anywhere) which was encrypted via the Windows API function CryptEncrypt. (direct and decryptable)

The problem is that CryptEncrypt can produce NULL's in the output, meaning that when it's stored in the database, the string manipulations will at some point truncate the ciphertext.

Ideally we'd like to use an algo that will produce cyphertext that doesn't contain NULLs as that will cause the least amount of change to the existing databases (changing a column from string to binary and code to deal with binary instead of strings) and just decrypt existing data and re-encrypt with the new algo at database upgrade time.

The algorithm doesn't need to be the most secure, as the database is already in a reasonably secure environment (not an open network / teh interwebs) but does need to bebetter than ROT13 (which I can almost decrypt in my head now!)

Cheers

edit: btw, any particular reason for changing ciphertext to cyphertext? ciphertext seems more widely used...

+1  A: 

Any semi-decent algorithm will end up with a strong chance of generating a NULL value somewhere in the resulting ciphertext.

Why not do something like base-64 encode your resulting binary blob before persisting to the DB? (sample implementation in C++).

OJ  2008-08-20 09:49:56
A: 

That's an interesting route OJ. We're looking at the feasability of a non-reversable method (still making sure we don't explicitly retrieve the data to decrypt) e.g. just store a Hash to compare on a submission

geocoin  2008-08-20 10:06:03
+1  A: 

Storing a hash is a good idea. However, please definitely read Jeff's You're Probably Storing Passwords Incorrectly.

Greg Hewgill  2008-08-20 10:41:15
A: 

It seems that the developer handling this is going to wrap the existing encryption with yEnc to preserve the table integrity as the data needs to be retrievable, and this save all that messy mucking about with infinite-improbab.... uhhh changing column types on entrenched installations. Cheers Guys

geocoin  2008-08-20 11:16:49

related questions

Of Memory Management, Heap Corruption, and C++
How do I make a GUI?
Alpha blending sprites in Nintendo DS Homebrew
Thread safe lazy contruction of a singleton in C++
Interview Programming Questions - In house Exam
Link issues (VC6)
What are the barriers to understanding pointers and what can be done to overcome them?
Why are professors or schools picking Java over C++ to teach to students?
What is the best way to create a sparse array in C++
C/C++ library for reading MIDI signals from a USB MIDI device
How do you pack a visual studio c++ project for release?
How to set up unit testing for Visual Studio C++
How do I configure and communicate with a serial port?
Lightweight IDE for Linux
Mapping Stream data to data structures in C#
CPU throttling in C++
Asynchronous multi-direction server-client communication over the same open socket?
Exceptions in C++
Heap corruption under Win32; how to locate?
Build for Windows NT 4.0 using Visual Studio 2005?
C++: Should I use nested classes in this case?
BerkeleyDB Concurrency
GTK implementation of MessageBox
Is gettimeofday() guaranteed to be of microsecond resolution?
How to use the C socket API in C++ on z/OS