Solved

Speed up query on encrypted data

Posted on 2006-11-06
9
391 Views
Last Modified: 2008-02-01
I am calling the sql query below on an encrypted row. There is only 100 rows in the table and it is taking about 500ms per call how can I speed this up. The encrypted fileds are blobs.
SELECT AES_DECRYPT(name,'password') as name,AES_DECRYPT(domain,'password') as domain, AES_DECRYPT(url,'password') as url, id FROM websites WHERE domain = AES_Encrypt('somedomain.com','password')
0
Comment
Question by:mxpoint
  • 5
  • 3
9 Comments
 
LVL 35

Expert Comment

by:Raynard7
Comment Utility
Hi,

Unfortunatley AES_Encrypt and AES_Decrypt can be very slow,

One thing to do would be to make sure that your domain is to ensure your table is indexed correctly - (on the domain field) and to run
optimize table websites.

Another thing that you could do is to decrypt the data after selecting those rows that are correct.

ie
select
    AES_DECRYPT(q.name,'password') as name,AES_DECRYPT(q.domain,'password') as domain, AES_DECRYPT(q.url,'password') as url
from
(
Select * from websites where domain = AES_Encrypt('somedomain.com', 'password')
) q

0
 
LVL 35

Expert Comment

by:Raynard7
Comment Utility
Another thing may be your hardware or configuration

if you run

select benchmark(1000, AES_DECRYPT('name','password'))

how long does this take? if this is around 100ms per run you may not be able to get it any faster
0
 
LVL 35

Expert Comment

by:Raynard7
Comment Utility
I guess you need to narrow down where it is slow

If you just run
select AES_Encrypt('somedomain.com','password')

then grab the value returned and substitute it in
select name, domain, url from websites where domain = 'yourencryptedstring'

is it slow?

alternativley running

select AES_DECRYPT(q.name,'password') as name,AES_DECRYPT(q.domain,'password') as domain, AES_DECRYPT(q.url,'password') as url websites where domain = 'yourencryptedstring'

is this slow?



0
 

Author Comment

by:mxpoint
Comment Utility
I tried everything you recommended but it didn't help. The domain field is indexed and the table is optimized. I ran "select benchmark(1000, AES_DECRYPT('name','password'))"  in 0 sec. Like you said the aes_decrypt is too slow. I tried selecting the fields without decrypting and it was fast (15ms). Is there any faster alternatives to using aes? because I still need to encrypt those fields.
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 35

Accepted Solution

by:
Raynard7 earned 450 total points
Comment Utility
Well - if the benchmark is working then the AES should not be the issue - I think that its something else more severe

Your other option would be to use DES_ENCRYPT and DES_DECRYPT
http://dev.mysql.com/doc/refman/5.0/en/encryption-functions.html

or ENCODE and DECODE - which is faster but less secure

You also need to remember that if you are running queries on this encrypted data the query is sent in the clear and the server decrypts the data - so the transmission of the query also needs to be secure

These may help but I feel there is something else going on here... just need to tie down what it is
0
 

Author Comment

by:mxpoint
Comment Utility
The only other way I know is to encrypt and decrypt using my webapplication. Load the encrypted data into a datatable, loop through and decrypt the encrypted fields.
0
 
LVL 35

Expert Comment

by:Raynard7
Comment Utility
It does not matter - it just depends what is easiest for you.  I was only mentioning the security aspect because if you are storing and sending the password through your web application it could potentially be intercepted.

does the DES_ENCRYPT work better?

Is there any reason it has to be encrypted?
0
 
LVL 4

Assisted Solution

by:Sheeri
Sheeri earned 50 total points
Comment Utility
You want to do as little encrypting/decrypting as possible:

SELECT AES_DECRYPT(name,'password') as name,AES_DECRYPT(domain,'password') as domain, AES_DECRYPT(url,'password') as url, id
  FROM websites WHERE domain = AES_Encrypt('somedomain.com','password');

you're doing extra work because you're decrypting the domain, but you already know it.  So already you can rewrite it like this:

SELECT AES_DECRYPT(name,'password') as name, AES_DECRYPT(url,'password') as url, id FROM websites WHERE domain = AES_Encrypt('somedomain.com','password');

(because you already know the domain is 'somedomain.com')

0
 

Author Comment

by:mxpoint
Comment Utility
The reason I encrypt is because the query for a web statistics database I don't want anyone to know what kind of traffic the domains are getting. Sheeri, nice catch I totally missed that one but It only speed up the query by about 100ms. I am going to stick with encryption/decryption on the application side I think it is a lot faster and secure.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

I have been using r1soft Continuous Data Protection (http://www.r1soft.com/linux-cdp/) for many years now with the mySQL Addon and wanted to share a trick I have used several times. For those of us that don't have the luxury of using all transact…
Introduction Since I wrote the original article about Handling Date and Time in PHP and MySQL (http://www.experts-exchange.com/articles/201/Handling-Date-and-Time-in-PHP-and-MySQL.html) several years ago, it seemed like now was a good time to updat…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now