

Ask HN: Is there a safe way to encrypt databases? - alexchamberlain

Dear HN,

Is there a safe way to encrypt databases?

My understanding of the issue is that if it is encrypted, then the key has to exist on the same machine anyway, so there's not much point.
======
Firehed
What data are you trying to protect? There are a number of different
approaches to this, all of which vary by what you're trying to achieve. You
can encrypt certain fields generating an encryption key based on non-encrypted
data in the row (ex. your key may be sha256(primary key value + create time +
application secret), and rather than protecting one master key you must
protect the key-generation algorithm). Or you can have one master key that you
use to encrypt data - this key should never be written to disk (the key should
be decrypted into memory from your key custodians' passwords). Or a
combination of both. You should also have a way to version keys so that you
can perform key rotation. Certain DB engines allow the entire database file to
be encrypted (SQLite offers this with some paid extension, I believe). Or have
the user encrypt the data before sending it (as some backup services do).

Consult an expert. I could give more details about effective encryption
strategies, but I don't want a newbie finding my post, reading half of it, and
implementing something dangerously bad. At least no encryption is at a known
level of safety; data that's been encrypted incorrectly gives a huge false
sense of security.

------
traxtech
There's a point, because if your sysadmin is competent, having access to the
database of a webapp (webapp break-in) is much easier than being able to dump
the server memory (OS break-in).

You can go hardware with a cryptographic accelerator PCI card (good luck
integrating that in your webapp).

------
davidw
You could use the user's password, when they log in?

~~~
alexchamberlain
What if they lose their password?

The password has to be hashed in the database, so there is no way to decrypt
the data.

Furthermore, it introduces problems for sharing between users.

~~~
mike-cardwell
Generate a key for each user. Encrypt the user's key with their password, but
then create a second backup encrypted copy using public key crypto. If the
user loses their password, then you can have systems in place to retrieve the
key from the backup encrypted container.

The process of retrieving the key could involve somebody manually approving
the decryption of it on a secondary system where the private key lives, and
then copying it over to the original server to be re-encrypted with the user's
new password.

EDIT: If data needs to be shared between users, then a new sharing key can be
created, and encrypted with both users' passwords and the backup public key.
That data can then be re-encrypted with the shared key.
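
The per-user key wrapping and recovery flow described in the comment above, as an added example that is not part of the thread or any poster's code. It assumes Node.js's built-in crypto module, scrypt for the password-derived key, AES-256-GCM for wrapping and RSA-OAEP for the backup copy; all function names and sample values are constructed.

```javascript
const { randomBytes, scryptSync, createCipheriv, createDecipheriv,
  generateKeyPairSync, publicEncrypt, privateDecrypt } = require('node:crypto');

// AES-256-GCM wrap/unwrap; blob layout is iv(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const iv = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}
function open(key, blob) {
  const d = createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  // final() throws if the key is wrong or the blob was modified.
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Key-encryption key, re-derived from the password at login; only the salt is stored.
const kek = (password, salt) => scryptSync(password, salt, 32);

// Enrolment: one random data key per user, wrapped under the password and
// under the backup public key (its private half lives on another system).
function enrol(password, backupPublicKey) {
  const dataKey = randomBytes(32), salt = randomBytes(16);
  const record = { salt, byPassword: seal(kek(password, salt), dataKey),
    byBackup: publicEncrypt({ key: backupPublicKey, oaepHash: 'sha256' }, dataKey) };
  return { dataKey, record };
}

// Login: the password unwraps the data key.
const unlock = (record, password) => open(kek(password, record.salt), record.byPassword);

// Recovery on the secondary system: unwrap with the private key, re-wrap under the new password.
function recover(record, backupPrivateKey, newPassword) {
  const dataKey = privateDecrypt({ key: backupPrivateKey, oaepHash: 'sha256' }, record.byBackup);
  const salt = randomBytes(16);
  return { ...record, salt, byPassword: seal(kek(newPassword, salt), dataKey) };
}

// Constructed sample run: enrol, encrypt a row, lose the password, recover.
function demo() {
  const backup = generateKeyPairSync('rsa', { modulusLength: 2048 });
  const { dataKey, record } = enrol('old password', backup.publicKey);
  const row = seal(dataKey, Buffer.from('constructed sample row'));
  const recovered = recover(record, backup.privateKey, 'new password');
  let oldRejected = false;
  try { unlock(recovered, 'old password'); } catch { oldRejected = true; }
  return { plaintext: open(unlock(recovered, 'new password'), row).toString(), oldRejected };
}
```

The rows themselves are never re-encrypted during recovery; only the wrapped copy of the data key changes.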

~~~
davidw
It's nice to read this, because I have recently been involved in creating just
such a system, and it's pretty close to how you describe it.

~~~
mike-cardwell
I'd be interested to read about such a system if you ever have the motivation
and opportunity.

