List:General Discussion« Previous MessageNext Message »
From:John Daisley Date:March 19 2010 10:39am
Subject:Re: MySQL Encryption
View as plain text  

I tend to derive a key based on a separate character string and the contents
of the data in the same or a related table. This means each row has a unique
encryption key and you never have to have the whole key stored somewhere
(you don't even know it :p ). Biggest advantage to this is should someone
get hold of your data they have to work out your character string and the
logic for deriving the key or attempt to hack each and every individual row
of the table because no two rows will ever have the same key.

For example, in a table with the columns `username`, `email_address`,
`password`, `jointime` (where password is encrypted with AES_ENCRYPT) I may
Use a charcter string of "awfully_complex_char_string-" and derive the key
like so


I then store the logic in a database stored procedure and use database
security to prevent unauthorised access. At no point do I have this logic
outside the database in any external application or script! That would be
silly :)


John Daisley

On Thu, Mar 18, 2010 at 7:26 PM, Jim <jim@stripped> wrote:

> In terms of encryption functions AES_DECRYPT and AES_ENCRYPT, can anyone
> point to any good links or offer any suggestions in terms of best practices
> on storage of the associated symmetric key? I've found very little
> information on this when searching.
> Does MySQL offer any asymmetric encryption capabilities?
> What are people using in terms of a good solution for encrypting specific
> columns of table data while providing protection of the key?
> Thanks,
> Jim
> --
> MySQL General Mailing List
> For list archives:
> To unsubscribe:

MySQL EncryptionJim18 Mar
  • Re: MySQL EncryptionJohn Daisley19 Mar
    • Re: MySQL EncryptionJim19 Mar
      • Re: MySQL EncryptionTompkins Neil20 Mar
        • Re: MySQL EncryptionJim20 Mar
RE: MySQL EncryptionJohn Daisley20 Mar
  • RE: MySQL Encryptionmos21 Mar
RE: MySQL EncryptionJohn Daisley21 Mar
  • RE: MySQL Encryptionmos21 Mar
    • Re: MySQL EncryptionJohn Daisley22 Mar