Do database encrypt or hash tables/collection?

Question

I am working on a simple database system as a resume project and i would like to know if mainstream databases like MySQL or MongoDB encrypt the files where table/collection data is stored? If they do, do they encrypt the entire file or they encrypt the data when it is inserted (i think it's probably going to be the second one but maybe i am wrong)? Do they use encrypt algorithms or hashing algorithms?

Answer 1

Most modern databases support encryption at rest. From thr DBMS's perspective this is full database encryption, which from the application's side is transparent, sometimes called TDE, transparent database encryption). This means the client supplies the key or key id upon initial connection and from then on the database is accessed as if it was not encrypted. (This is oversimplified, please refer to DBMS documentation as for what actually happens and how clients are authenticated and authorized.)

On the DBMS storage (eg. filesystem) the whole database file (or files) are encrypted with a suitable and configurable algorithm, usually AES256. You mentioned hashing, but a hash is one way and cannot provide confidentiality. If you wanted to implement anything related to cryptography, you will need to understand the difference.

Encrypting data granularly (eg. each field separately) would be a task for the application if necessary, not typically done by the DBMS. Such encryption on the application level mitigates a different threat than TDE.

Also a key point (pun intended) is where to store encryption keys, and how to manage (rotate, authorize use, revoke, log access to) them in general. Answering that is way beyond the scope of a SO post.