Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Speed up query on encrypted data

Posted on 2006-11-06
9
Medium Priority
?
457 Views
Last Modified: 2008-02-01
I am calling the sql query below on an encrypted row. There is only 100 rows in the table and it is taking about 500ms per call how can I speed this up. The encrypted fileds are blobs.
SELECT AES_DECRYPT(name,'password') as name,AES_DECRYPT(domain,'password') as domain, AES_DECRYPT(url,'password') as url, id FROM websites WHERE domain = AES_Encrypt('somedomain.com','password')
0
Comment
Question by:mxpoint
  • 5
  • 3
9 Comments
 
LVL 35

Expert Comment

by:Raynard7
ID: 17887126
Hi,

Unfortunatley AES_Encrypt and AES_Decrypt can be very slow,

One thing to do would be to make sure that your domain is to ensure your table is indexed correctly - (on the domain field) and to run
optimize table websites.

Another thing that you could do is to decrypt the data after selecting those rows that are correct.

ie
select
    AES_DECRYPT(q.name,'password') as name,AES_DECRYPT(q.domain,'password') as domain, AES_DECRYPT(q.url,'password') as url
from
(
Select * from websites where domain = AES_Encrypt('somedomain.com', 'password')
) q

0
 
LVL 35

Expert Comment

by:Raynard7
ID: 17887130
Another thing may be your hardware or configuration

if you run

select benchmark(1000, AES_DECRYPT('name','password'))

how long does this take? if this is around 100ms per run you may not be able to get it any faster
0
 
LVL 35

Expert Comment

by:Raynard7
ID: 17887147
I guess you need to narrow down where it is slow

If you just run
select AES_Encrypt('somedomain.com','password')

then grab the value returned and substitute it in
select name, domain, url from websites where domain = 'yourencryptedstring'

is it slow?

alternativley running

select AES_DECRYPT(q.name,'password') as name,AES_DECRYPT(q.domain,'password') as domain, AES_DECRYPT(q.url,'password') as url websites where domain = 'yourencryptedstring'

is this slow?



0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 

Author Comment

by:mxpoint
ID: 17890183
I tried everything you recommended but it didn't help. The domain field is indexed and the table is optimized. I ran "select benchmark(1000, AES_DECRYPT('name','password'))"  in 0 sec. Like you said the aes_decrypt is too slow. I tried selecting the fields without decrypting and it was fast (15ms). Is there any faster alternatives to using aes? because I still need to encrypt those fields.
0
 
LVL 35

Accepted Solution

by:
Raynard7 earned 1800 total points
ID: 17895016
Well - if the benchmark is working then the AES should not be the issue - I think that its something else more severe

Your other option would be to use DES_ENCRYPT and DES_DECRYPT
http://dev.mysql.com/doc/refman/5.0/en/encryption-functions.html

or ENCODE and DECODE - which is faster but less secure

You also need to remember that if you are running queries on this encrypted data the query is sent in the clear and the server decrypts the data - so the transmission of the query also needs to be secure

These may help but I feel there is something else going on here... just need to tie down what it is
0
 

Author Comment

by:mxpoint
ID: 17895361
The only other way I know is to encrypt and decrypt using my webapplication. Load the encrypted data into a datatable, loop through and decrypt the encrypted fields.
0
 
LVL 35

Expert Comment

by:Raynard7
ID: 17895396
It does not matter - it just depends what is easiest for you.  I was only mentioning the security aspect because if you are storing and sending the password through your web application it could potentially be intercepted.

does the DES_ENCRYPT work better?

Is there any reason it has to be encrypted?
0
 
LVL 4

Assisted Solution

by:Sheeri
Sheeri earned 200 total points
ID: 17895402
You want to do as little encrypting/decrypting as possible:

SELECT AES_DECRYPT(name,'password') as name,AES_DECRYPT(domain,'password') as domain, AES_DECRYPT(url,'password') as url, id
  FROM websites WHERE domain = AES_Encrypt('somedomain.com','password');

you're doing extra work because you're decrypting the domain, but you already know it.  So already you can rewrite it like this:

SELECT AES_DECRYPT(name,'password') as name, AES_DECRYPT(url,'password') as url, id FROM websites WHERE domain = AES_Encrypt('somedomain.com','password');

(because you already know the domain is 'somedomain.com')

0
 

Author Comment

by:mxpoint
ID: 17895432
The reason I encrypt is because the query for a web statistics database I don't want anyone to know what kind of traffic the domains are getting. Sheeri, nice catch I totally missed that one but It only speed up the query by about 100ms. I am going to stick with encryption/decryption on the application side I think it is a lot faster and secure.
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Load balancing is the method of dividing the total amount of work performed by one computer between two or more computers. Its aim is to get more work done in the same amount of time, ensuring that all the users get served faster.
In this article, I’ll talk about multi-threaded slave statistics printed in MySQL error log file.
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
Suggested Courses
Course of the Month10 days, 22 hours left to enroll

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question