All geek questions in one place

What is the best way to save a decryption key to decrypt an encrypted database?

I have an encrypted database and a decryption key. How to save the decryption key from hacking (both hacking the database and unauthorized access to the PC)?

  • Hard code in the assembly.
  • save to the registry.
  • save to RAM.

Also, I need an algorithm for data encrypted. What is the best algorithm for this during decryption?

  • RSA
  • AES
  • Twofish

RSA vs AES

Thanks,

+4
source share
4 answers

You ask the wrong questions: first you need to decide how safe such things are for you. Then you need to decide whether you want symmetric (think DES, a shared key)) or asymmetric (think about RSA, public and private keys), and also think about key management, because this is often the cause of weakness.

Asymmetric algorithms are an order of magnitude slower than symmetric; they are often used to protect a symmetric key, and not from all data.

+4
source

It is not possible to "save the decryption key from breaking" if you store it with encrypted data. Period. Key management is often the most complex part of any security policy.

As for the encryption algorithm, RSA is a completely different type of algorithm for AES and twofish (see http://en.wikipedia.org/wiki/Symmetric-key_algorithm#Symmetric_vs._asymmetric_algorithms ).

Both questions will require additional information. That is why you are trying to encrypt the database? What threat are you trying to solve?

+4
source

It will never be completely safe, especially with physical access to the machines, but you can make it difficult.

Use 3DES to encrypt the database fields that you want to protect. Please note that you do not need to encrypt each field, and you should not. (both for speed and because if you lose the key, you will at least understand what you need to do)

Do not store the key on the database server. If necessary, save it to a disk other than a database or web application.

Keep a backup copy of the key on a flash drive or something like that. Do not miss this step.

Divide the key file into several different files scattered in different folders and different drives. Do not use names indicating the purpose of the files. Keep the places in the registry.

Use the code to read the registry, extract the key fragments and collect them. Write this code yourself and do not use a name that indicates the purpose of the program.

+1
source

I interpret your description that in order to do your job, you need to save the SOMEWHERE decryption key on the database machine.

Given the sufficient knowledge and access to equipment, you cannot protect your database, that it is impossible to break through encryption.

For all other cases where physical access is not possible, you must refer to the encryption rules that exist for all major databases using unique technologies unique to most platforms.

0
source

Source: https://habr.com/ru/post/1285955/

More articles:


All Articles