MariaDB [(none)]> SET @key_str = SHA2('Is it secure?',512);
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> SET @crypt_str = AES_ENCRYPT('cleartext',@key_str);
Query OK, 0 rows affected (0.01 sec)
MariaDB [(none)]> select @crypt_str from dual;
+------------------+
| @crypt_str |
+------------------+
| ���5��!$�l |
+------------------+
1 row in set (0.00 sec)
MariaDB [(none)]> SELECT AES_DECRYPT(@crypt_str,@key_str) from dual;
+----------------------------------+
| AES_DECRYPT(@crypt_str,@key_str) |
+----------------------------------+
| cleartext |
+----------------------------------+
1 row in set (0.01 sec)
MariaDB KB documents encryption, hashing and compression functions, such as ENCRYPT, DECRYPT, COMPRESS, PASSWORD. MariaDB KB doesn't write about how secure those functions are.
Is it recommended for a cloud-native (12-factor) application to offload encryption to the database (in my case MariaDB)? Can my sample code be improved to be more secure (but only with MariaDB functions)?
I found a (possibly) biased review from a product vendor, MyDiamo (they want to sell):
Why MySQL Internal Encryption Functions are not Sufficient
1. MySQL Internal Encryption Algorithms are not Safe
MySQL provides many algorithms such as AES, DES, SHA-1 and MD5 algorithms. Among these algorithms, MD5 and SHA-1 are proven to be not safe as they have been cracked. Also, for AES algorithms, the current MySQL 5.6 version generally available provides only the ECB operation mode which is also proven to be unsafe.
2. MySQL Internal Encryption Functions do not Provide Key Management
When encrypting data, not only is the encryption itself important, but managing the key is also important. The importance of the key cannot be stressed strongly enough when encryption matters. Most encryption solutions, however, do not pay much attention to the key. When using MySQL internal encryption functions, the key is exposed to the source, thus no proper key management exists.
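
The ECB property the quoted passage refers to, next to a CBC variant that uses only built-in functions, as an added example that is not part of the original post. It assumes MariaDB 11.2 or later for the optional IV and mode arguments of AES_ENCRYPT/AES_DECRYPT and 10.10 or later for RANDOM_BYTES; the variable names and the sample plaintext are constructed.

```sql
-- Added example; variable names and sample plaintext are constructed.
-- Assumes MariaDB 11.2+ (iv and mode arguments) and RANDOM_BYTES() (10.10+).

-- Derive 32 raw key bytes. UNHEX() matters: without it the key is the
-- ASCII hex text of the digest, not the digest itself.
SET @key = UNHEX(SHA2('Is it secure?', 256));

-- 1) Default mode, aes-128-ecb: equal plaintext blocks encrypt to equal
--    ciphertext blocks, so structure in the data shows in the ciphertext.
SET @plain = REPEAT('A', 32);             -- two identical 16-byte blocks
SET @ecb = AES_ENCRYPT(@plain, @key);
SELECT HEX(SUBSTRING(@ecb, 1, 16))  AS ecb_block1,
       HEX(SUBSTRING(@ecb, 17, 16)) AS ecb_block2,
       SUBSTRING(@ecb, 1, 16) = SUBSTRING(@ecb, 17, 16) AS ecb_blocks_equal;

-- 2) aes-256-cbc with a fresh random IV for every value. The IV is not
--    secret, but it has to be stored next to the ciphertext for decryption.
SET @iv = RANDOM_BYTES(16);
SET @cbc = AES_ENCRYPT(@plain, @key, @iv, 'aes-256-cbc');
SELECT HEX(SUBSTRING(@cbc, 1, 16))  AS cbc_block1,
       HEX(SUBSTRING(@cbc, 17, 16)) AS cbc_block2,
       SUBSTRING(@cbc, 1, 16) = SUBSTRING(@cbc, 17, 16) AS cbc_blocks_equal;

-- Round trip: decryption needs the same key, IV and mode.
SELECT AES_DECRYPT(@cbc, @key, @iv, 'aes-256-cbc') = @plain AS round_trip_ok;

-- Encrypting the same value again under a new IV gives a different
-- ciphertext, so equal plaintexts are no longer visible as equal rows.
SET @cbc2 = AES_ENCRYPT(@plain, @key, RANDOM_BYTES(16), 'aes-256-cbc');
SELECT @cbc = @cbc2 AS same_ciphertext;
```

CBC gives confidentiality only; nothing here authenticates the ciphertext. The passphrase still travels in the statement text, which is the key-management point in the quoted passage.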