Databases
StackOverflow2013
Postsdbo
PO
 

Note that there are some explanatory texts on larger screens.

plurals
  1. PO
    primarykey
    data
    text
    <p>Define "secure."</p> <p>DES is more secure than plain text, but due to it's 56-bit keysize, it's not usually used anymore. If you're protecting data against your family, or the casual ease dropper this might be okay. </p> <p>If people are using DES these days, it's Triple DES which essentially runs DES, three times, on each datablock.</p> <p>Now a days the symmetric encryption algorithm (which DES is) of choice is AES, which is like the spiritual successor to DES.</p> <p>AES with a sufficiently large key of 256 (really 512 or higher now a days) is cryptographically secure for most applications.</p> <p>The few caveats of AES are:</p> <ol> <li>It's still restricted to US Export controls</li> <li>The NSA can decrypt your information if they want to (yes this is tin hat thinking)</li> </ol> <p>Regarding your error, first try switching to AES, and see if you still get a problem.</p> <p><strong>Regarding AES:</strong></p> <p>Key selection is important, as well as key protection.</p> <p><em>Key Selection</em></p> <p>If you want to "password" protect your data, using AES, then you need to convert your password into an AES key. This is a common pitfall for many amateur computer security developers. Adobe essentially destroyed all the protection of AES in their PDF's by using an MD5 hash of the users password as the key. Needless to say, you're smarter than all of Adobe's engineers combined, so you won't make that mistake.</p> <p>The proper way to generate a key from a password is using RFC2898 aka PBKD2 (password based key derivation function). .NET handily has a method that does this: Rfc2898DeriveBytes(). Essentially what this does is cryptographically securely hashes your password, with a supplied salt (more on this in a bit), a number of times, supplied by the user. This provides several layers to protect against brute force attacks against your password (assuming your key is large enough to prevent brute force attacks against it!)</p> <ol> <li><p>Each iteration of PBKD2 takes a minuscule amount of time to run. The more interation you run (i think the recommend number is > 1000), the more computer time it takes. This time is still less than a human would recognize, but in computer time it's like a century. Thus without knowing the exact iteration count, it makes it a very lengthy process to brute force attack a password.</p></li> <li><p>Salt. Rather than taking a direct hash of your password, a salt adds extra information to your input password, creating a unique hash. This prevents rainbow table attacks, assuming you keep your salt value protected. </p></li> </ol> <p><em>Key Storage</em></p> <p>The other side to cryptography is key storage. If you are password protecting your data, then you need to securely store the password. The easiest way is to use the OS's built in security. On Windows thats using DPAPI in the registry, and Unix, filepermissions.</p> <p><em>AES as a Session Key</em></p> <p>If you are looking to securely transmit data across a nonsecure channel (or even adding your own extra security ontop of SSL), you may want to looking at using AES as a session encryption.</p> <p>Essentially this is two scheme encryption system that works as follows:</p> <p>You generate a public/private key pair using your favorite assymetric encryption (RSA!) for your server. Each trusted client is given the public key. During a session, the client generates a new random AES key of 256 bit or higher. This AES Session key is encrypted using the public RSA key. This encrypted data containing the AES session key is sent to the server. The server decrypts the data using it's private RSA key, and keeps the AES Session key. During the rest of the session, all data is encrypted with the session AES key. At the end of the session, the AES key is discarded.</p> <p>While this does require more handshaking, this gives you the added protection of limiting exposure. Since the AES key is only good for a session, if it's discovered, the damage is only limited to a single session.</p>
    singulars
    1. This table or related slice is empty.
    1. POByte encryption ( DES-CBC zero pad )
      singulars
      1. PTQuestion
    1. PTAnswer
    1. USAlan
    1. USAlan
    plurals
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. POByte encryption ( DES-CBC zero pad )
      singulars
      1. PTQuestion
    1. This table or related slice is empty.
    1. VO
      singulars
      1. PO
      1. This table or related slice is empty.
      1. VTUpMod
    2. VO
      singulars
      1. PO
      1. This table or related slice is empty.
      1. VTAcceptedByOriginator
    1. COThanks for the extensive answer. I'll look into this week when i have more time on my hands ;) It's just strange that i get random bytes with DES-CBC-PKCS#7 + same keys used at both sides.
      singulars
      1. PO
      1. USmark_dj
 

Querying!

 
Guidance
A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload