I tend to derive a key based on a separate character string and the contents
of the data in the same or a related table. This means each row has a unique
encryption key and you never have to have the whole key stored somewhere
(you don't even know it :p ). Biggest advantage to this is should someone
get hold of your data they have to work out your character string and the
logic for deriving the key or attempt to hack each and every individual row
of the table because no two rows will ever have the same key.
For example, in a table with the columns `username`, `email_address`,
`password`, `jointime` (where password is encrypted with AES_ENCRYPT) I may
Use a charcter string of "awfully_complex_char_string-" and derive the key
I then store the logic in a database stored procedure and use database
security to prevent unauthorised access. At no point do I have this logic
outside the database in any external application or script! That would be
On Thu, Mar 18, 2010 at 7:26 PM, Jim <jim@stripped> wrote:
> In terms of encryption functions AES_DECRYPT and AES_ENCRYPT, can anyone
> point to any good links or offer any suggestions in terms of best practices
> on storage of the associated symmetric key? I've found very little
> information on this when searching.
> Does MySQL offer any asymmetric encryption capabilities?
> What are people using in terms of a good solution for encrypting specific
> columns of table data while providing protection of the key?
> MySQL General Mailing List
> For list archives: http://lists.mysql.com/mysql
> To unsubscribe: