
Resize MySQL columns to accommodate encrypted data - how much?

I have a MySQL database which uses utf8_general_ci encoding. My tables are InnoDB.

CodeIgniter (3.x) is used as the framework to build the PHP application. My plan is to encrypt some of the data, using the CodeIgniter (3.x) encryption class for enhanced security.

I use AES-256 and the length of my encryption key is 32 bytes (characters).

Most of the columns that will be encrypted are currently of type varchar(255). I am considering increasing this value, but I don't know by how much.

This really comes down to the mode of operation you intend to use. AES is a block cipher with a block size of 128 bits. That is, 128 bits of plaintext results in 128 bits of ciphertext.

However...

Modes of operation like ECB and CBC require that the input data is a multiple of the block size in length. So if, for example, you want to encrypt only 112 bits of plaintext, then your plaintext must first be padded to be a multiple of the block size (e.g. we add 2 bytes of padding). This is usually done automatically by the AES implementation, but it does mean that the length of your plaintext, when encrypted, can increase by up to 16 bytes.

Modes of operation like CTR and CFB turn block ciphers into stream ciphers. Padding is not required for stream ciphers, so 112 bits of plaintext is encrypted to 112 bits of ciphertext.

You also need to consider the need to prepend an IV/nonce. Normally this is a 16-byte value, but GCM and CTR mode can vary. I believe the default is 12 bytes, but I may be mistaken.

Keeping the above in mind, and assuming any data you wish to encrypt is less than or equal to your original 255 byte limit, you will need to:

  • For ECB, increase the limit to 256 bytes (a perfect multiple of 16 bytes).

  • For CBC, increase the limit to 256 + 16 bytes (for the IV).

  • For modes that turn AES into a stream cipher (CTR, CFB etc.), the data amount can be the same (255 bytes), but you will need to make room for your nonce, which I think is normally 12 bytes. You'll need to confirm this.
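The sizing rules from the answer as a small calculator (an added example, not code from the answer or from CodeIgniter). It goes beyond the answer by also accounting for a MAC or tag, for text encoding of the output, and for the fact that varchar(255) counts characters rather than bytes. Assumptions: PKCS#7 padding for ECB/CBC, and IV, nonce and tag sizes passed in by the caller; the function names are hypothetical.

```python
import math

AES_BLOCK = 16  # AES block size in bytes; the same for 128-, 192- and 256-bit keys

def ciphertext_len(plain_len: int, mode: str) -> int:
    """Ciphertext bytes for plain_len plaintext bytes, excluding IV and MAC."""
    mode = mode.upper()
    if mode in ("ECB", "CBC"):
        # PKCS#7 (assumed) adds 1..16 bytes: a whole extra block when the
        # plaintext is already block-aligned.
        return (plain_len // AES_BLOCK + 1) * AES_BLOCK
    if mode in ("CTR", "CFB", "OFB", "GCM"):
        return plain_len  # keystream modes need no padding
    raise ValueError(f"unknown mode: {mode}")

def stored_len(plain_len: int, mode: str, iv_len: int,
               mac_len: int = 0, encoding: str = "raw") -> int:
    """Bytes to store: IV/nonce + ciphertext + MAC or tag, after encoding."""
    raw = iv_len + ciphertext_len(plain_len, mode) + mac_len
    if encoding == "raw":
        return raw
    if encoding == "hex":
        return 2 * raw
    if encoding == "base64":
        return 4 * math.ceil(raw / 3)  # base64 with '=' padding
    raise ValueError(f"unknown encoding: {encoding}")

def worst_case_plain_len(max_chars: int, bytes_per_char: int = 3) -> int:
    """VARCHAR(n) counts characters; MySQL utf8 stores up to 3 bytes each."""
    return max_chars * bytes_per_char

SAMPLE = "Zoë"  # constructed value: 3 characters, 4 bytes in UTF-8

if __name__ == "__main__":
    print("sample:", len(SAMPLE), "chars,", len(SAMPLE.encode("utf-8")), "bytes")
    for label, plain in (("255 bytes", 255),
                         ("255 utf8 chars", worst_case_plain_len(255))):
        for mode, iv, mac in (("CBC", 16, 0), ("GCM", 12, 16)):
            for enc in ("raw", "base64"):
                print(f"{label:15} {mode} {enc:6} ->",
                      stored_len(plain, mode, iv, mac, enc), "bytes")
```

Raw output belongs in a VARBINARY or BLOB column; if the encryption library returns encoded text or prepends its own MAC, measure one real output and pass those sizes in rather than relying on the defaults here.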

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address. Any question please contact: yoyou2525@163.com.
