Solved

Speed up query on encrypted data

Posted on 2006-11-06
9
409 Views
Last Modified: 2008-02-01
I am calling the sql query below on an encrypted row. There is only 100 rows in the table and it is taking about 500ms per call how can I speed this up. The encrypted fileds are blobs.
SELECT AES_DECRYPT(name,'password') as name,AES_DECRYPT(domain,'password') as domain, AES_DECRYPT(url,'password') as url, id FROM websites WHERE domain = AES_Encrypt('somedomain.com','password')
0
Comment
Question by:mxpoint
  • 5
  • 3
9 Comments
 
LVL 35

Expert Comment

by:Raynard7
ID: 17887126
Hi,

Unfortunatley AES_Encrypt and AES_Decrypt can be very slow,

One thing to do would be to make sure that your domain is to ensure your table is indexed correctly - (on the domain field) and to run
optimize table websites.

Another thing that you could do is to decrypt the data after selecting those rows that are correct.

ie
select
    AES_DECRYPT(q.name,'password') as name,AES_DECRYPT(q.domain,'password') as domain, AES_DECRYPT(q.url,'password') as url
from
(
Select * from websites where domain = AES_Encrypt('somedomain.com', 'password')
) q

0
 
LVL 35

Expert Comment

by:Raynard7
ID: 17887130
Another thing may be your hardware or configuration

if you run

select benchmark(1000, AES_DECRYPT('name','password'))

how long does this take? if this is around 100ms per run you may not be able to get it any faster
0
 
LVL 35

Expert Comment

by:Raynard7
ID: 17887147
I guess you need to narrow down where it is slow

If you just run
select AES_Encrypt('somedomain.com','password')

then grab the value returned and substitute it in
select name, domain, url from websites where domain = 'yourencryptedstring'

is it slow?

alternativley running

select AES_DECRYPT(q.name,'password') as name,AES_DECRYPT(q.domain,'password') as domain, AES_DECRYPT(q.url,'password') as url websites where domain = 'yourencryptedstring'

is this slow?



0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 

Author Comment

by:mxpoint
ID: 17890183
I tried everything you recommended but it didn't help. The domain field is indexed and the table is optimized. I ran "select benchmark(1000, AES_DECRYPT('name','password'))"  in 0 sec. Like you said the aes_decrypt is too slow. I tried selecting the fields without decrypting and it was fast (15ms). Is there any faster alternatives to using aes? because I still need to encrypt those fields.
0
 
LVL 35

Accepted Solution

by:
Raynard7 earned 450 total points
ID: 17895016
Well - if the benchmark is working then the AES should not be the issue - I think that its something else more severe

Your other option would be to use DES_ENCRYPT and DES_DECRYPT
http://dev.mysql.com/doc/refman/5.0/en/encryption-functions.html

or ENCODE and DECODE - which is faster but less secure

You also need to remember that if you are running queries on this encrypted data the query is sent in the clear and the server decrypts the data - so the transmission of the query also needs to be secure

These may help but I feel there is something else going on here... just need to tie down what it is
0
 

Author Comment

by:mxpoint
ID: 17895361
The only other way I know is to encrypt and decrypt using my webapplication. Load the encrypted data into a datatable, loop through and decrypt the encrypted fields.
0
 
LVL 35

Expert Comment

by:Raynard7
ID: 17895396
It does not matter - it just depends what is easiest for you.  I was only mentioning the security aspect because if you are storing and sending the password through your web application it could potentially be intercepted.

does the DES_ENCRYPT work better?

Is there any reason it has to be encrypted?
0
 
LVL 4

Assisted Solution

by:Sheeri
Sheeri earned 50 total points
ID: 17895402
You want to do as little encrypting/decrypting as possible:

SELECT AES_DECRYPT(name,'password') as name,AES_DECRYPT(domain,'password') as domain, AES_DECRYPT(url,'password') as url, id
  FROM websites WHERE domain = AES_Encrypt('somedomain.com','password');

you're doing extra work because you're decrypting the domain, but you already know it.  So already you can rewrite it like this:

SELECT AES_DECRYPT(name,'password') as name, AES_DECRYPT(url,'password') as url, id FROM websites WHERE domain = AES_Encrypt('somedomain.com','password');

(because you already know the domain is 'somedomain.com')

0
 

Author Comment

by:mxpoint
ID: 17895432
The reason I encrypt is because the query for a web statistics database I don't want anyone to know what kind of traffic the domains are getting. Sheeri, nice catch I totally missed that one but It only speed up the query by about 100ms. I am going to stick with encryption/decryption on the application side I think it is a lot faster and secure.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
html input clean up 3 55
MySQL ERROR 1045 (28000) 2 79
Mysql Crashing Intermittently 16 103
Have issues with Query MySQL 9 64
All XML, All the Time; More Fun MySQL Tidbits – Dynamically Generate XML via Stored Procedure in MySQL Extensible Markup Language (XML) and database systems, a marriage we are seeing more and more of.  So the topics of parsing and manipulating XM…
As a database administrator, you may need to audit your table(s) to determine whether the data types are optimal for your real-world data needs.  This Article is intended to be a resource for such a task. Preface The other day, I was involved …
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
In a recent question (https://www.experts-exchange.com/questions/28997919/Pagination-in-Adobe-Acrobat.html) here at Experts Exchange, a member asked how to add page numbers to a PDF file using Adobe Acrobat XI Pro. This short video Micro Tutorial sh…

778 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question