Cryptography Reference
In-Depth Information
the right row by knowing either
h
(
x
)
or just
x
and the structure of
h
. That is, anyone searching for the secret data can find it in the
sea of noise by knowing either the right key,
2
c
42
d
45
...
,ortheright
name
h
(
name
+
way to calculate the key (Use your
,andcompute
swordf ish
))
.
There are a number of ways that this technique can be extended.
One simple mechanism is to put random numbers in one column,
call them
x
i
)
. Only the
legitimate rows have digital signatures that check out. These signa-
tures could be as simple as a
message authentication code
or MAC
like
x
i
, and digital signatures in another,
y
i
=
s
(
)
. Still, using fast authentication
computations makes this an expensive mechanism because some-
one looking for data must look at every row and decide whether
s
(
x
)=
SHA
256(
x
+
password
y
i
matches
s
(
x
i
)
.
20.4 Summary
Databases don't need to store information in the clear and rely on
elaborate security mechanisms and good operating systems to pro-
tect the information. The client can encrypt or hash the data before
storing it. Only the client can fetch it later.
This increases the security of the database and reduces the re-
sponsibility on the shoulders of the database administrator at the
cost of eliminating their ability to help. Removing the danger of a
superuser also eliminates the superuser as a source of assistance.
The Disguise
Hide information in a database by either encrypting it
completely or storing it steganographically inside other infor-
mation.
How Secure Is It?
It depends on the quality of the encryption or
steganographic algorithm. In most cases, the best hash func-
tions will suffice, although somemathematical research is chip-
ping away at their strength.
How to Use It?
Use
SHA
256(
data
)
instead of
data
for a column. Only
thetrueownerof
data
can then use that column as a key to
locate the row.
Further Reading
•
My topic,
Translucent Databases
, describes a number of
techniques for hiding information in databases.[Way01]
