| Author |
Topic |
|
diyagan
Starting Member
22 Posts |
 Posted - 2007-10-03 : 01:36:59
|
| Hai I am new to SQL server and working on Encryption.I just want to know whether it is better to encrpt a data in database or in the code itself.I want to encrypt a number and not a text.which one would u suggest RC4 algorithm or pwdencrypt..any one plz reply soon.. |
|
|
eyechart
Master Smack Fu Yak Hacker
3575 Posts |
Posted - 2007-10-03 : 02:09:03
|
| what are you going to be encrypting? a single column of a table? all the columns in a table? text or varchar? give us some details about what it is that you are attempting to do.-ec |
 |
|
|
diyagan
Starting Member
22 Posts |
Posted - 2007-10-03 : 02:12:08
|
| i am encrypting one one column of a table and the data comes from front end..the columns data type is decimal.i am storing numbers in the column .. |
|
|
|
eyechart
Master Smack Fu Yak Hacker
3575 Posts |
Posted - 2007-10-03 : 02:19:56
|
| if you are using SQL 2000, then you would need to use something like pwdencrypt (which is undocumented btw) or you could use the encryption toolkit from michael coles (excellent stuff btw) here http://www.sqlservercentral.com/articles/Security/freeencryption/1980/there is also a commercial product called xp_crypt that I evaluated several years ago but never used. you can find that here http://www.xpcrypt.com/If you are using SQL 2005 then you probably want to use the built in encryption functions (now fully documented and supported). Check BOL for details.-ec |
|
|
|
diyagan
Starting Member
22 Posts |
Posted - 2007-10-03 : 02:27:03
|
| thank u james..i want to know why should we go for pwdencrypt rather than using rc4 algorithm |
|
|
|
SwePeso
Patron Saint of Lost Yaks
30421 Posts |
|
|
eyechart
Master Smack Fu Yak Hacker
3575 Posts |
Posted - 2007-10-03 : 02:33:16
|
quote:
Originally posted by diyagan
thank u james..i want to know why should we go for pwdencrypt rather than using rc4 algorithm
I'm not saying that. I actually would use the stuff Michael Coles came up with - which includes aes, blowfish and even simple rot-13 encryption. both aes and blowfish are superior to rc4 btw.the pwdencrypt stuff is simple to use and doesn't require you to implement any 3rd party stored procs or functions. It is used all the time by sql server for internal stuff and is known to work. it just isn't documented (officially) and may or may not work for you if and when you upgrade to a newer release of sql server.pwdencrypt is also known to be weak http://www.sqlteam.com/article/pwdencrypt-weakness-ec |
|
|
|
eyechart
Master Smack Fu Yak Hacker
3575 Posts |
|
|
diyagan
Starting Member
22 Posts |
Posted - 2007-10-03 : 02:41:53
|
| thank u james.i read the link u gave.it would be really helpful if u can give the advantages and disadvantages of using rc4 algorithm and pwdencrypt |
|
|
|
eyechart
Master Smack Fu Yak Hacker
3575 Posts |
Posted - 2007-10-03 : 02:42:24
|
quote:
Originally posted by diyagan
thank u james.i read the link u gave.it would be really helpful if u can give the advantages and disadvantages of using rc4 algorithm and pwdencrypt
is this a schoolwork question? |
|
|
|
diyagan
Starting Member
22 Posts |
Posted - 2007-10-03 : 02:42:54
|
| thank u james.i read the link u gave.it would be really helpful if u can give the advantages and disadvantages of using rc4 algorithm and pwdencrypt |
|
|
|
eyechart
Master Smack Fu Yak Hacker
3575 Posts |
Posted - 2007-10-03 : 02:43:39
|
| i think this thread is done. |
|
|
|
diyagan
Starting Member
22 Posts |
Posted - 2007-10-03 : 02:48:09
|
| no this is not a school work.. |
|
|
|
diyagan
Starting Member
22 Posts |
Posted - 2007-10-03 : 02:51:01
|
| i am still not getting a valid point of why i should not use rc4 algorithm |
|
|
|
|
Encryption