• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 488
  • Last Modified:

Speed up query on encrypted data

I am calling the sql query below on an encrypted row. There is only 100 rows in the table and it is taking about 500ms per call how can I speed this up. The encrypted fileds are blobs.
SELECT AES_DECRYPT(name,'password') as name,AES_DECRYPT(domain,'password') as domain, AES_DECRYPT(url,'password') as url, id FROM websites WHERE domain = AES_Encrypt('somedomain.com','password')
0
mxpoint
Asked:
mxpoint
  • 5
  • 3
2 Solutions
 
Raynard7Commented:
Hi,

Unfortunatley AES_Encrypt and AES_Decrypt can be very slow,

One thing to do would be to make sure that your domain is to ensure your table is indexed correctly - (on the domain field) and to run
optimize table websites.

Another thing that you could do is to decrypt the data after selecting those rows that are correct.

ie
select
    AES_DECRYPT(q.name,'password') as name,AES_DECRYPT(q.domain,'password') as domain, AES_DECRYPT(q.url,'password') as url
from
(
Select * from websites where domain = AES_Encrypt('somedomain.com', 'password')
) q

0
 
Raynard7Commented:
Another thing may be your hardware or configuration

if you run

select benchmark(1000, AES_DECRYPT('name','password'))

how long does this take? if this is around 100ms per run you may not be able to get it any faster
0
 
Raynard7Commented:
I guess you need to narrow down where it is slow

If you just run
select AES_Encrypt('somedomain.com','password')

then grab the value returned and substitute it in
select name, domain, url from websites where domain = 'yourencryptedstring'

is it slow?

alternativley running

select AES_DECRYPT(q.name,'password') as name,AES_DECRYPT(q.domain,'password') as domain, AES_DECRYPT(q.url,'password') as url websites where domain = 'yourencryptedstring'

is this slow?



0
Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

 
mxpointAuthor Commented:
I tried everything you recommended but it didn't help. The domain field is indexed and the table is optimized. I ran "select benchmark(1000, AES_DECRYPT('name','password'))"  in 0 sec. Like you said the aes_decrypt is too slow. I tried selecting the fields without decrypting and it was fast (15ms). Is there any faster alternatives to using aes? because I still need to encrypt those fields.
0
 
Raynard7Commented:
Well - if the benchmark is working then the AES should not be the issue - I think that its something else more severe

Your other option would be to use DES_ENCRYPT and DES_DECRYPT
http://dev.mysql.com/doc/refman/5.0/en/encryption-functions.html

or ENCODE and DECODE - which is faster but less secure

You also need to remember that if you are running queries on this encrypted data the query is sent in the clear and the server decrypts the data - so the transmission of the query also needs to be secure

These may help but I feel there is something else going on here... just need to tie down what it is
0
 
mxpointAuthor Commented:
The only other way I know is to encrypt and decrypt using my webapplication. Load the encrypted data into a datatable, loop through and decrypt the encrypted fields.
0
 
Raynard7Commented:
It does not matter - it just depends what is easiest for you.  I was only mentioning the security aspect because if you are storing and sending the password through your web application it could potentially be intercepted.

does the DES_ENCRYPT work better?

Is there any reason it has to be encrypted?
0
 
SheeriCommented:
You want to do as little encrypting/decrypting as possible:

SELECT AES_DECRYPT(name,'password') as name,AES_DECRYPT(domain,'password') as domain, AES_DECRYPT(url,'password') as url, id
  FROM websites WHERE domain = AES_Encrypt('somedomain.com','password');

you're doing extra work because you're decrypting the domain, but you already know it.  So already you can rewrite it like this:

SELECT AES_DECRYPT(name,'password') as name, AES_DECRYPT(url,'password') as url, id FROM websites WHERE domain = AES_Encrypt('somedomain.com','password');

(because you already know the domain is 'somedomain.com')

0
 
mxpointAuthor Commented:
The reason I encrypt is because the query for a web statistics database I don't want anyone to know what kind of traffic the domains are getting. Sheeri, nice catch I totally missed that one but It only speed up the query by about 100ms. I am going to stick with encryption/decryption on the application side I think it is a lot faster and secure.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

  • 5
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now