Encrypting a database

**NeoPa** · Jan 24 '19, 05:58 PM

Are you aware that ACCDB databases are encrypted if you give them a database password?

**mshmyob** · Jan 24 '19, 06:04 PM

Hey NEO,

Long time... I am not using a MS Access database. This is a pet project that I am working on. I am using an SQLite database and Python. There are addons to buy for encryption for SQLite but I do not want to pay for them. I have the code for Python to do all the encryption and decryption and I think I have a proper method to hide the keys but I am stuck on the concept of saving and retrieving the encrypted/decrypted data in the database.

**NeoPa** · Jan 24 '19, 06:17 PM

I was trying to keep you happy, just minding my own business ;-)

If I'm honest what you plan sounds like it could be a bit of an overhead for every transaction, but it's not really an area I can help much with.

Best of luck anyway of course :-)

**Rabbit** · Jan 24 '19, 10:30 PM

If you're encrypting field by field, you would have to set every field to a binary or text data type. You would need to use type conversion functions to interact with the data. You would also want to use a unique salt for each row and/or data element. NeoPa is right, it would probably introduce a lot of overhead.

If you really need the security, it's better and more secure to pay for it than trying to roll your own.

**NeoPa** · Jan 24 '19, 10:55 PM

Originally posted by Rabbit

Rabbit:
If you really need the security, it's better and more secure to pay for it than trying to roll your own.

I have to say I agree with that. The ramifications of rolling your own are already (becoming) obvious to you. Far from trivial.

NB. I would say Rabbit is our security guru here as far as Access is concerned, and probably beyond that too.

**mshmyob** · Jan 24 '19, 11:45 PM

Thanks. I am going to use pre built functions for encryption (the paid functions for Sqlite) do it field by field so I can just do that myself. I did find an article talking about binary fields and such. Just because this is my own pet project I would like to try just to get more knowledge.

Thanks for the feedback.

**NeoPa** · Jan 25 '19, 02:34 AM

A very interesting project as far as exploring potentials is concerned. Just be very careful of promising results until you've ironed out all the complications ;-)

**mshmyob** · Jan 25 '19, 06:14 PM

So assume I have a table with 5 columns

col1 - primary key - auto generated - Not encrypted
col2 - text - encrypted
col3 - text - encrypted
col4 - text encrypted
col5 - IV column - unique for each row - obviously not encrypted

Assume col4 has just contains single words. Now I execute the following simple query

Code:

SELECT * FROM tablename WHERE col4='Apple';

I can only think that I would decrypt each row and do a comparison for the word Apple. I have basically eliminated using indexes since I would have to go through each row and I also defeated the purpose of a SELECT statement since I am not returning a return set with the SELECT statement really but with my code that I need to create.

I assume I am thinking about this incorrectly since I don't see this working properly. What am I missing???

Confused....

**mshmyob** · Jan 25 '19, 06:15 PM

Hey Neo, not promising anything to anybody. I am doing this all for myself to get a better understanding of encrypting a database without built in tools. I really want to know the details.

**mshmyob** · Jan 25 '19, 09:37 PM

Actually with some more research I think I came up with the solution of how to query encrypted data without first decrypting and then iterating through the data with application code.

I can directly query the encrypted data with the concept of Blind Indexing. I think I will try this route.

Thanks

**Rabbit** · Jan 25 '19, 10:55 PM

It will come down to how secure is secure enough.

Creating an index on a HMAC means loosening the security slightly to accommodate the increase in performance. The security weakness with the this approach is that the HMAC can't use a salt/nonce/initialization vector as part of its calculation. Therefore, the same inputs run through the HMAC result in the same output. Otherwise the index wouldn't work.

In practice, what this means for an attacker is that if they are able to figure out the value of one field on one account, then at a minimum, they now know that value maps to that HMAC throughout the rest of the records in that table for that field.

How much that small leak of information matters comes down to how sensitive it is to maintain the confidentiality of that piece of data.

For example, leaking data on their preference of deodorant and everyone else who likes that same deodorant probably isn't much of an issue. But leaking a zip code and everyone else that lives at that zip code might be more of an issue.

**mshmyob** · Jan 26 '19, 12:05 AM

You are correct Rabbit but I want to see if I hash it with a hidden salt (I will encrypt The salt) and have it on a different server. That way if the database gets compromised all they will know is that one of the encrypted columns (they won't know which one) contains like data in some rows. But without the salt they will not be able to determine the prefix which is the actual data.

Encrypting a database

Encrypting a database

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment