Re: Decryption Performance

From: Chris Rolon (crolon_at_hotmail.com)
Date: 04/25/04 

Date: Sun, 25 Apr 2004 10:37:22 -0700

Alek is correct, you cannot be using SHA1 for encryption/decryption.

As far as performance is concerned, I'm confused by some of your statements.
> We are currently looking into ways to protect our data in a SQL Server
> database from being viewed by users and/or administrators on the client
PC.

Does your database reside on the client PC or on the server? If on the
server, control of the data belongs to your application and I assume you
will not return a response that has confidential information unless it is to
an authorized party. If that is the case do you really need to encrypt the
data?

Are you permitting clients direct access to the database via the Enterprise
Manager? If so, why?

I think that before you decide that you need to encrypt anything, you should
first look at how the data is accessed and who has access to it. If access
to the confidential information is tightly controlled, maybe you won't need
to use encryption.

Of course there are some things that should always be encrypted but you
should not have many of these. As an example, if you have a table that
stores users and passwords, don't encrypt the password, instead use a salted
hash. That way you are not stoiring the password at all.

I could go on and on, but you should get the picture. There is some work you
have to do first. 

-- 
Chris Rolon
This posting is provided "AS IS" with no warranties, and confers no rights.
"Alek Davis" <alek_xDOTx_davis_xATx_intel_xDOTx_com> wrote in message
news:uRqz4TZKEHA.2692@tk2msftngp13.phx.gbl...
> Aaron,
>
> There is something wrong with your statement: you cannot decrypt data
> "encrypted" with SHA-1 algorithm (I assume that you misspelled SH1). SHA-1
> is a hashing (not encryption) algorithm and you cannot decrypt hashed
data.
> If you are able to decrypt data, then you must be using some sort of
> encryption, not hashing. Depending on the encryption algorithm you are
using
> (DES, 3DES, Rijndael, etc) and encryption parameters and implementation
> (block size, managed/unmanaged, etc), there is a chance you may be able to
> improve performance, but I would not expect a miracle. Check this report
> (Performance Comparison: Security Design Choices):
>
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnbda/html/bdadotnetarch15.asp;
> it may give you some ideas. I assume that you decrypt data in C#/VB.NET
> code. If this is correct, the best bet would be to find the fastest (and
> reasonably secure) algorithm and implementation. I also assume that your
> application is optimized (for example, you do not create a new
> encryptor/decryptor for every record). Another alternative would be to use
> third party tools, which encrypt data directly in the database, but I
> haven't used them and do not know what their performance/security/ease of
> use are.
>
> Alek
>
> "Aaron" <anonymous@discussions.microsoft.com> wrote in message
> news:AD0AF639-C6A1-46C3-8BC8-AB83930C6A95@microsoft.com...
> >
> > We are currently looking into ways to protect our data in a SQL Server
> database from being viewed by users and/or administrators on the client
PC.
> One option is to encrypt the fields that we feel are important enough to
> protect. In our case, that includes at least half the fields on our main
> information table.
> >
> > As a test, we encrypted fields in a sample database using a SH1 hash
> algorithm. A test app reads the table and decrypts the encrypted fields.
> The initial tests show the process of reading the table and decrypting the
> encrypted fields runs 3 times slower than without decryption (which is
> understandable).  I am looking for either decryption algorithms or
possible
> other strategies to use so the decryption process is faster.  This
database
> is read-only, so the speed of the reads is important.
> >
> > If anyone knows of some good websites out there that would  have
examples
> of what I am looking for, that would help a lot.
> >
> > Thanks in advance.
>
>

Relevant Pages

  • Re: Which is more secure RC2 or RC4 ?
    ... same database temporarily, until the order is approved manually and the ... obviously there are a LOT of security related issues that arise ... itself in order to decrypt the information, ... meaning if I encrypt the information using AES and a password driven ...
    (sci.crypt)
  • RE: NTE_BAD_DATA
    ... They are NOT used DIRECTLY to encrypt / decrypt data; ... you should generate a RANDOM SESSION KEY and select a SYMMETRIC ENCRYPTION ... // imported from a BLOB read in from the source file or having ...
    (microsoft.public.platformsdk.security)
  • Re: Back Doors
    ... >> Design into the system a master key. ... Encrypt that with public key. ... Decrypt random symmetric key with private key. ...
    (sci.crypt)
  • Re: CAPI and RC4: can not decrypt when Final parameter is set to F
    ... to store ASYMMETRIC key pairs - never symmetric keys like RC4, ... Now when you need to encrypt at one place and decrypt at the other normally ... Get a HCRYPTPROV handle to a key container with CryptAcquireContext ...
    (microsoft.public.platformsdk.security)
  • Re: RSA - Public vs. Private Keys
    ... This is a common pattern for license software ... your client will send a unique machine hash to the ... will let us decrypt with a Public Key (or simply not ... |> RSA is intended to encrypt messages with public keys only. ...
    (microsoft.public.dotnet.security)