Solved

Speed up query on encrypted data

Posted on 2006-11-06
9
421 Views
Last Modified: 2008-02-01
I am calling the sql query below on an encrypted row. There is only 100 rows in the table and it is taking about 500ms per call how can I speed this up. The encrypted fileds are blobs.
SELECT AES_DECRYPT(name,'password') as name,AES_DECRYPT(domain,'password') as domain, AES_DECRYPT(url,'password') as url, id FROM websites WHERE domain = AES_Encrypt('somedomain.com','password')
0
Comment
Question by:mxpoint
  • 5
  • 3
9 Comments
 
LVL 35

Expert Comment

by:Raynard7
ID: 17887126
Hi,

Unfortunatley AES_Encrypt and AES_Decrypt can be very slow,

One thing to do would be to make sure that your domain is to ensure your table is indexed correctly - (on the domain field) and to run
optimize table websites.

Another thing that you could do is to decrypt the data after selecting those rows that are correct.

ie
select
    AES_DECRYPT(q.name,'password') as name,AES_DECRYPT(q.domain,'password') as domain, AES_DECRYPT(q.url,'password') as url
from
(
Select * from websites where domain = AES_Encrypt('somedomain.com', 'password')
) q

0
 
LVL 35

Expert Comment

by:Raynard7
ID: 17887130
Another thing may be your hardware or configuration

if you run

select benchmark(1000, AES_DECRYPT('name','password'))

how long does this take? if this is around 100ms per run you may not be able to get it any faster
0
 
LVL 35

Expert Comment

by:Raynard7
ID: 17887147
I guess you need to narrow down where it is slow

If you just run
select AES_Encrypt('somedomain.com','password')

then grab the value returned and substitute it in
select name, domain, url from websites where domain = 'yourencryptedstring'

is it slow?

alternativley running

select AES_DECRYPT(q.name,'password') as name,AES_DECRYPT(q.domain,'password') as domain, AES_DECRYPT(q.url,'password') as url websites where domain = 'yourencryptedstring'

is this slow?



0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 

Author Comment

by:mxpoint
ID: 17890183
I tried everything you recommended but it didn't help. The domain field is indexed and the table is optimized. I ran "select benchmark(1000, AES_DECRYPT('name','password'))"  in 0 sec. Like you said the aes_decrypt is too slow. I tried selecting the fields without decrypting and it was fast (15ms). Is there any faster alternatives to using aes? because I still need to encrypt those fields.
0
 
LVL 35

Accepted Solution

by:
Raynard7 earned 450 total points
ID: 17895016
Well - if the benchmark is working then the AES should not be the issue - I think that its something else more severe

Your other option would be to use DES_ENCRYPT and DES_DECRYPT
http://dev.mysql.com/doc/refman/5.0/en/encryption-functions.html

or ENCODE and DECODE - which is faster but less secure

You also need to remember that if you are running queries on this encrypted data the query is sent in the clear and the server decrypts the data - so the transmission of the query also needs to be secure

These may help but I feel there is something else going on here... just need to tie down what it is
0
 

Author Comment

by:mxpoint
ID: 17895361
The only other way I know is to encrypt and decrypt using my webapplication. Load the encrypted data into a datatable, loop through and decrypt the encrypted fields.
0
 
LVL 35

Expert Comment

by:Raynard7
ID: 17895396
It does not matter - it just depends what is easiest for you.  I was only mentioning the security aspect because if you are storing and sending the password through your web application it could potentially be intercepted.

does the DES_ENCRYPT work better?

Is there any reason it has to be encrypted?
0
 
LVL 4

Assisted Solution

by:Sheeri
Sheeri earned 50 total points
ID: 17895402
You want to do as little encrypting/decrypting as possible:

SELECT AES_DECRYPT(name,'password') as name,AES_DECRYPT(domain,'password') as domain, AES_DECRYPT(url,'password') as url, id
  FROM websites WHERE domain = AES_Encrypt('somedomain.com','password');

you're doing extra work because you're decrypting the domain, but you already know it.  So already you can rewrite it like this:

SELECT AES_DECRYPT(name,'password') as name, AES_DECRYPT(url,'password') as url, id FROM websites WHERE domain = AES_Encrypt('somedomain.com','password');

(because you already know the domain is 'somedomain.com')

0
 

Author Comment

by:mxpoint
ID: 17895432
The reason I encrypt is because the query for a web statistics database I don't want anyone to know what kind of traffic the domains are getting. Sheeri, nice catch I totally missed that one but It only speed up the query by about 100ms. I am going to stick with encryption/decryption on the application side I think it is a lot faster and secure.
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This guide whil teach how to setup live replication (database mirroring) on 2 servers for backup or other purposes. In our example situation we have this network schema (see atachment). We need to replicate EVERY executed SQL query on server 1 to…
This article shows the steps required to install WordPress on Azure. Web Apps, Mobile Apps, API Apps, or Functions, in Azure all these run in an App Service plan. WordPress is no exception and requires an App Service Plan and Database to install
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question