Reputation: 73
MySQL
ENCODE('pass','salt')
What kind of cryptography is used? Very similar to DES
Is it brute force to get the salt when the password is known?
Upvotes: 2
Views: 997
Reputation: 562731
The source for the algorithm used by ENCODE() and DECODE() is available here:
https://github.com/mysql/mysql-server/blob/5.7/sql/sql_crypt.cc
Comments in that file say that this algorithm "should be ok for short strings" but that doesn't give me confidence that it is a professional-strength encryption algorithm.
Note that these two functions have been deprecated in MySQL 5.7. You should use AES_ENCRYPT() & AES_DECRYPT() instead.
However, there is also a recommendation to avoid using encryption functions in SQL at all, because if you do, the plaintext string is going to be added to your query logs or binary logs:
INSERT INTO SuperSecureTable
SET secret = AES_ENCRYPT('no one should see this', 'secret');
Re comment from @ikegami:
I think you're confusing encryption with hashing.
Correction: I take your point. Depending on how secure the requirements for the encryption are, AES_ENCRYPT() is not appropriate either. It's better to use state-of-the-art encryption in one's application, and insert the resulting encrypted data into the database.
This would also address the problem I mentioned above, of plaintext being recorded in logs.
Upvotes: 3
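The application-side approach recommended in the answer above, as an added example (not code from the original answer or from MySQL): the value is encrypted with AES-256-GCM in Node.js before the statement is built, so anything the server logs for this INSERT is ciphertext. Assumptions: the key would come from a KMS or secret store, the `secret` column is VARBINARY/BLOB, and the blob layout, the AAD label and the helper names are illustrative choices.

```javascript
// Added example: encrypt in the application, send only ciphertext to MySQL.
const { createCipheriv, createDecipheriv, randomBytes } = require('node:crypto');

// Assumption: in production the key is fetched from a KMS or secret store,
// never kept in source code or in the database. Generated here so the demo runs.
const KEY = randomBytes(32); // AES-256 key

// Encrypt with AES-256-GCM. Blob layout (our choice): nonce(12) || tag(16) || ciphertext.
function encryptField(plaintext, key, aad) {
  const nonce = randomBytes(12); // must never repeat under the same key
  const cipher = createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(Buffer.from(aad, 'utf8')); // binds the blob to its table/column
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), ct]);
}

// Decrypt and authenticate; throws if the blob or the AAD was altered.
function decryptField(blob, key, aad) {
  const decipher = createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAAD(Buffer.from(aad, 'utf8'));
  decipher.setAuthTag(blob.subarray(12, 28));
  const pt = Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
  return pt.toString('utf8');
}

// Build what a driver would send: constant SQL text plus one bound value.
// Whether the driver interpolates the value or binds it server-side,
// the general log and binary log only ever see the ciphertext blob.
function buildInsert(plaintext, key) {
  const aad = 'SuperSecureTable.secret'; // illustrative context label
  return {
    sql: 'INSERT INTO SuperSecureTable SET secret = ?',
    params: [encryptField(plaintext, key, aad)],
    aad,
  };
}

const stmt = buildInsert('no one should see this', KEY);
console.log(stmt.sql, stmt.params[0].toString('hex'));
console.log(decryptField(stmt.params[0], KEY, stmt.aad));
```
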