Re: Which is more secure RC2 or RC4 ?

From: Volker Hetzer <firstname.lastname@xxxxxxxx>
Date: Wed, 12 Jul 2006 20:27:30 +0200

Homer Simpson schrieb:

I'm new to cryptography, and I am currently designing a system which
needs to store sensitive financial information in an MSSQL database.
Now I am totally at a loss as to which cipher to use, and which is more
secure, RC2 or RC4?

Why those particular two ciphers? Neither are very well suited to it,
RC2 being rather outdated and rc4 being a stream cipher, meaning you
have to put in a bit of effort to make it secure.

Are RC2 and RC4 somehow contained in mysql?

Also, what kind of information are you going to store, how many bytes
per record, how many records and in what way are you controlling access?
Does the encryption and decryption have to happen in the database at all
or can you just store encrypted records and leave the rest for the client?

And, as the others said, if this is for more than protecting against your
kid brother, get yourself a pro or buy a professional solution, like
oracle (http://tinyurl.com/hjhyx and http://tinyurl.com/jgpl8).

(Necessary disclaimer: I do not profit from this, I am just a happy part time
dba/developer for a small oracle installation. I'm sure SQLServer and DB2 offer
similar capabilities but these I don't know.)

But even if you get the algorithms ready-made, there's still a lot you
can do wrong in the whole system so you need more than the "consulting"
you can get here in sci.crypt for free.

Lots of Greetings!
Volker
--
For email replies, please substitute the obvious.
.

Follow-Ups:
- Re: Which is more secure RC2 or RC4 ?
  - From: David Wagner

References:
- Which is more secure RC2 or RC4 ?
  - From: Homer Simpson

Prev by Date: Re: small 3DES C implementation wanted!
Next by Date: Re: Which is more secure RC2 or RC4 ?
Previous by thread: Re: Which is more secure RC2 or RC4 ?
Next by thread: Re: Which is more secure RC2 or RC4 ?
Index(es):
- Date
- Thread

Relevant Pages

Re: predicting encrypted data size with Rijndael
... iIf you use standard PKCS padding mode then it ... that's your decision if you want to store it or just invent some formula ... random data for IV and store it just before your cipher text (note that you ... >i use Rijndael encryption with key of 32 bytes. ...
(microsoft.public.dotnet.security)
Looking for search engine
... I'm Looking for a search engine that will iterate through MSSQL database and ... that perhaps can store the results in ADO but that is not a prerequisite. ...
(borland.public.delphi.thirdpartytools.general)