Hi folks,

I've been asked to encrypt various db fields within the db.

Problem is that these fields need to be decrypted after being read.


I'm using Django and SQL Server 2005.

Any good ideas?

+4  A: 

Yeah. Tell whoever told you to get real. Makes no / little sense. If it is about the stored values - enterprise edition 2008 can store encrypted DB files.

Otherwise, if you really need to (with all disadvantages) just encrypt them and store them as byte fields.

TomTom
@tomtom : It makes sense if you design a system using symmetric encryption where a user can only decrypt and read his info stored in a DB using his password. This is how they do it with LDAP-based records.
yadab
No, normally it makes zero sense - unless you program something like LastPass. It ESPECIALLY makes zero sense if the key is available somewhere on a server (the web server). This is a total niche issue, with huge negative impact (search goes out of the window).
TomTom
Why is it marked as answer, I wonder?
vgv8
Because it is. In 99% of the time encrypting the fields is a totally senseless thing to even start with.
TomTom
@tomtom : yeah, correct about the LastPass! I forgot to mention, if you are writing a single-sign-on or something similar to LastPass, it makes sense, where you store all of a user's passwords encrypted using the user's own key.
yadab
And that pretty much is it - password repositories where you explicitly do not want to trust even your local application. Any other scenario is mostly (99%) hogwash - people (mostly from management) asking for something without knowing what they do. SQL Server file encryption handles the "discs get stolen" side very well (and is sometimes legally a good advantage) but encrypting fields IN the database has serious implications (like losing query capabilities).
TomTom
@tomtom : correct! It happens when we do not know what the threat is :-)
yadab
A: 

If you are storing things like passwords, you can do this:

- store users' passwords as their SHA256 hashes
- get the user's password
- hash it
- check it against the stored password

You can do a SHA256 hash in Python by using the hashlib module.

Hope this helps

inspectorG4dget
Unfortunately I need to fully decrypt them.
RadiantHex
don't forget to salt it http://en.wikipedia.org/wiki/Salt_(cryptography)
Till Backhaus
@Till good point! +1
RadiantHex
@RadiantHex do the columns involve passwords? Those don't have to be decrypted to do password checking. Otherwise, you may want to consider doing some RSA encryption before storing the value.
vdboor
Decrypting passwords -- a security nightmare.
S.Lott
@S.Lott that is why I actually use sha+salt for my passwords :)
RadiantHex
@RadiantHex: Please **update** the question if this encryption/decryption business involves or does not involve passwords. The question is unclear. The comments make an assumption. Only **you** can provide **facts**. Please clarify.
S.Lott