3

I was wondering which is the best way to encrypt and decrypt user data in a database, to make it much more secure as it is possible?

I was reading about AES but I would like to know if is really the best way.

I was planning to use AES and a secrete key for encrypt/decrypt, is there any better way?

Polynomial
  • 132,208
  • 43
  • 298
  • 379
itsme
  • 133
  • 1
  • 5

3 Answers3

3

Secure, yes, but against who or what ?

Regardless of how you encrypt data, your server must still be able to decrypt it. So any attack which subverts your server (e.g. buffer overflows or SQL injection) will yield full data access to the attacker, regardless of your encryption.

Encryption will do you any good only against attackers who get backdoor access to the storage, e.g. who steal a backup tape or recover an old hard disk from a dumpster. Then, this points to the kind of encryption you need: Transparent Data Encryption (equivalently, a full-disk encryption, as hinted at by @Polynomial). TDE does not remove confidentiality needs, but it concentrates them: you "just" have to worry about the encryption key, which is small and does not change over time, instead of gigabytes of ever-mutating data.

(Of course, if you want to sprinkle encryption all over the server just to ease the qualms of some administrative hierarchy somewhere, then forget all of this and just go for an algorithm with the most impressive-looking acronym, preferably with a very long key. "RSA-8192 and AES-256/CBC with HMAC/SHA-512" will reliably plunge the average bureaucrat into an ecstatic trance.)

Thomas Pornin
  • 320,799
  • 57
  • 780
  • 949
  • If the SQL injection leads to full access of the whole server then you're right. If the SQL injection just exposes the encrypted contents of the fields and the key is stored somewhere else on the server (your application code, some file or in shared memory), the data is still secure. – chiborg Jun 19 '14 at 09:24
2

AES is a good choice for encrypting data, if you implement it properly. If you're encrypting data in a database, you're going to run into the DRM problem - i.e. you can't maintain data confidentiality through cryptography if you put the encrypted data and the key in the same place. An attacker with access to the machine can simply steal the key at the same time as the data.

Your best bet for keeping sensitive data secure against live attacks is a HSM, which is designed for exactly this scenario.

If you're only worried about offline attacks, e.g. someone stealing your server's hard disk, then you should encrypt your database on a TrueCrypt volume, or use full-disk (system) encryption.

Polynomial
  • 132,208
  • 43
  • 298
  • 379
  • so HSM for server machine hardware, i think, right? – itsme Oct 01 '12 at 10:03
  • sincerily i was planning to make users login by an hash code wich is AES enctrypted and decrypted anytime user log into site. The encryption uses a unique secret key (stored in application file) – itsme Oct 01 '12 at 10:05
  • 1
    @lspuk Crypto is hard - don't roll your own. Take a look at [The Definitive Guide to Forms-Based Website Authentication](http://stackoverflow.com/questions/549/the-definitive-guide-to-forms-based-website-authentication), [How to securely hash password](http://security.stackexchange.com/questions/211/how-to-securely-hash-passwords), [how to store salt](http://security.stackexchange.com/questions/17421/how-to-store-salt) and [do any experts recommend bcrypt?](http://security.stackexchange.com/questions/4781/do-any-security-experts-recommend-bcrypt-for-password-storage). – Polynomial Oct 01 '12 at 10:09
  • It's worth noting that storing data in an encrypted form also prevents the use of indexes with ranges and partial matches for retrieving data. – symcbean Oct 02 '12 at 11:04
1

Maybe someone could answer your question definitely but I have the impression that your question is somewhat akin to "Who is the best physician to treat illness X?" Anyway, AES is an ISO standard and has long been examined by the experts in the public without yet any serious faults beng found and is considered to be secure even when quantum computers are available. On the other hand, a secure algorithm alone of course doesn't yet provide you any security.

Mok-Kong Shen
  • 1,199
  • 1
  • 10
  • 14