RE: Best way to Encrypt a feild in a production db?

From: Mohit K. Gupta <mohitkgupta@xxxxxxx>
Date: Thu, 26 Feb 2009 09:14:02 -0800

Hmm, I think you'll have to change stored procs where inserts/updates/delets
are taking place.

But question comes down to is how strong encryption you want. If you just
want to make it so not just anyone can read it. You can always use encrypt
by pass phrase but it is limited security...

As stated in ref article:

It is also possible to use symmetric encryption with a pass phrase as the
key by executing the EncryptByPassPhrase function. Note that in this case,
data security depends on the phrase complexity. To reverse the process, you
need to apply the DecryptByPassPhrase function, providing the same pass
phrase (along with encrypted data) as its argument.

DECLARE @cleartext NVARCHAR(100)
DECLARE @encryptedstuff NVARCHAR(100)
DECLARE @decryptedstuff NVARCHAR(100)
SET @cleartext = 'I''m hunting wabbits'
SET @encryptedstuff = EncryptByPassPhrase('l00n3yTun3z', @cleartext)
SELECT @encryptedstuff
SET @decryptedstuff = DecryptByPassphrase('l00n3yTun3z', @encryptedstuff)
SELECT @decryptedstuff

Ref:
http://www.databasejournal.com/features/mssql/article.php/3483931/SQL-Server-2005-Security---Part-3-Encryption.htm
--
Mohit K. Gupta
B.Sc. CS, Minor Japanese
MCITP: Database Administrator
MCTS: SQL Server 2005
http://sqllearnings.blogspot.com/

"Hulicat" wrote:

I have a db that is storing SSNs in clear text, I have been trying
some things in dev with mixed results.

Is there a way to encypt this data without having to pass a cert to
insert or select the data in the feilds?

I want to avoid changing all of the associated stored procedures if
it's possible.

Thanks,

References:
- Best way to Encrypt a feild in a production db?
  - From: Hulicat

Prev by Date: Best way to Encrypt a feild in a production db?
Next by Date: Re: Please help with deleting a user.
Previous by thread: Best way to Encrypt a feild in a production db?
Index(es):
- Date
- Thread

Relevant Pages

Re: Whats the current "best" way to secure a wireless network?
... But if you have a reasonably long phrase that you ... Good encryption algorithms (and ... modified phrase should be highly resistant to a brute-force attack. ... a trivial WPA passphrase can be cracked. ...
(alt.internet.wireless)
Re: Should be in crypto for criminals Re: just stupid?
... > It's not a matter of my winning a discussion; ... In a true, real world attack, you would be faced with cipher text only, ... messages were encrypted with the same pass phrase. ...
(sci.crypt)
Re: Generate OpenSSL CSR in Squeeze
... > a CSR using this key. ... Verifying - Enter Encryption Password: ... Enter pass phrase for test.key: ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx with a subject of "unsubscribe". ...
(Debian-User)
[SLE] Wireless on SUSE 9
... I am unsure of the proper setup though. ... Key Input Method: Pass Phrase ... I've tried putting the pass phrase and the encryption keys into ...
(SuSE)
Re: SSH private keys, dangerous to carry around or not. Was Re: Where do you run ssh-keygen
... howsoever strong encryption algorithm was used to generate the key ... I was under the impression that the pass phrase encrypted the file and that to make use of the private key I would have to supply my pass phrase, so I thought the private key was useless without the pass phrase. ... the target of a brute force attack is obviously your ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx with a subject of "unsubscribe". ...
(Debian-User)