• Status: Solved

Where is the best place to store an encryption key?

I have been updating a website and adding encryption to encrypt customer data (name, address & email) when it is stored in the MySQL database.  The details are as follows:

To get things up and running (development only at the moment), I have stored the encryption key in the same row as the customer data.
Each customer has their own encryption key.
When data is accessed (on their profile page, for example), it is unencrypted using their key.

My question is where really is the best place to store the key? Keeping it where it is isn't really an option I wouldn't have thought, as if the database was compromised, then the attacker would have both the encrypted data and the key.

One thought I had was storing and retrieving the keys on a remote server via web services and via the firewalls, ensuring that only the main web server can access the remote server.
Asked by: emjx
 
Neil Russell, Technical Development Lead, Commented:
Even better, if that is available to you, is to split the customer data in two and have half on one server and half on the other, with the keys on the opposite server.
0
 
wk Commented:
You should consider an HSM.

First, key and data should not be placed in the same place.  You would not place a lock and its respective key in the same place.

And why do you have different user profiles with different keys?  Simply because you think it is more secure.  The less secure factor is because the key is stored on a non-secured means.  So using an HSM makes it secure.  An HSM is FIPS 140 Level 2/3 compliant.  This means it cannot be duplicated.  If someone tries to tamper with it, the private key is destroyed.

A simple HSM may be a smartcard - or a USB based smartcard, like Safenet iKey.  However, this kind of HSM is too slow for server applications.  Consider Thales nShield Connect - http://www.thales-esecurity.com/en/Products/Hardware%20Security%20Modules/nShield%20Connect.aspx

Hope this helps,

William Lee     CISA CISSP
Hong Kong
0
 
emjx (Author) Commented:
wk > True, a hardware security module would be nice, but for small businesses it is way out of reach. I have different user profiles with different keys because if one key were discovered for example, only one record of data could be compromised. Just need to decide where to store those keys and in what means.
0
 
Tolomir, Administrator, Commented:
Instead of storing the encryption key, you should salt+hash the password.

Whenever a user enters the password, it is salted (with the original value) and hashed. When the output is identical to the stored value, you can use the given password to decipher the encrypted data.

This way it is not possible to extract the encryption password from the database, since you keep the salt value in the application and not in the database, and the hash function is a one-way operation. An attacker has to guess the salt value and try all possible password combinations to get to the stored hashed value. When you even hide the hash function from the attacker, he would also have to guess what was used to hash the encryption password.

This way you don't need any hardware encryption and are rather secure.
0
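A password-derived key along the lines the comment above describes, as an added example that is not part of the original post. It assumes PBKDF2-HMAC-SHA256 with a random per-user salt stored in the row (rather than a salt held in the application); the function names, labels and iteration count are hypothetical choices. The row holds only a verifier, while the data key is derived separately and never stored.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

ITERATIONS = 600_000  # assumed PBKDF2 work factor; tune for your hardware


def _derive(password: str, salt: bytes) -> Tuple[bytes, bytes]:
    """Return (verifier, data_key) derived from the password and salt."""
    master = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS
    )
    # Domain separation: two independent 32-byte values from one master
    # secret, so knowing the stored verifier does not reveal the data key.
    verifier = hmac.new(master, b"verifier", hashlib.sha256).digest()
    data_key = hmac.new(master, b"data-key", hashlib.sha256).digest()
    return verifier, data_key


def enroll(password: str) -> dict:
    """Build the values stored in the customer's database row (no key)."""
    salt = os.urandom(16)
    verifier, _unused_key = _derive(password, salt)
    return {"salt": salt, "verifier": verifier}


def unlock(password: str, row: dict) -> Optional[bytes]:
    """Return the 32-byte data key if the password matches, else None."""
    verifier, data_key = _derive(password, row["salt"])
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(verifier, row["verifier"]):
        return None
    return data_key


if __name__ == "__main__":
    row = enroll("correct horse battery staple")  # constructed sample password
    print("wrong password ->", unlock("wrong guess", row))
    key = unlock("correct horse battery staple", row)
    print("right password -> key of", len(key), "bytes")
```

Because the key exists only while the customer's password is available, a password change has to re-encrypt that customer's data, and the server cannot decrypt it when the customer is not logged in.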
 
emjx (Author) Commented:
HSM is just too expensive for small websites and there are a million and one ways to handle encrypted data, so this question? Not really a single answer.
0
 
emjx (Author) Commented:
No single answer for this question.
0
 
wk Commented:
In fact, HSM is not as expensive as you think.

I recently got a FIPS-140 Level 2 HSM card (PCI-Card) from nCipher - only costs less than 4K USD.  Means the cost of a modern server.

William
0
 
emjx (Author) Commented:
@SouthMod,

I do not agree that the advice given is necessarily the best place to store an encryption key - perhaps rather than closing the question, it should be deleted on the basis that perhaps it is just too vague a subject and answers purely speculative.
0
 
wk Commented:
Please note that HSM could also mean a smartcard, which is cheap.

So the implementation is up to your choice.  The point is - if it is secure ***enough***.  HSM/Tokens make it secure enough.

If price is a concern, ikey type token is always there.  The trade off is speed.  It is safe, not duplicatable.

William
0
 
emjx (Author) Commented:
Accepting this solution which would be a good option for a medium/large organisation but is out of reach for most small organisations.
0
