Solved

MD5 viability in SS

Posted on 2013-06-24
6
274 Views
Last Modified: 2013-06-24
Is it possible to implement the below in sql server? if so, is there any microsoft tech paper on how to incorporate into r2 db?
http://en.wikipedia.org/wiki/MD5
0
Comment
Question by:25112
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
6 Comments
 
LVL 8

Assisted Solution

by:didnthaveaname
didnthaveaname earned 250 total points
ID: 39272519
Can I ask a probing question as to what you are looking to do?  My primary point behind this is if you read that article:


In December 2008, a group of researchers used this technique to fake SSL certificate validity,[7][8] and CMU Software Engineering Institute now says that MD5 "should be considered cryptographically broken and unsuitable for further use",[9] and most U.S. government applications now require the SHA-2 family of hash functions

I would, personally, encourage either hardware encryption or have you looked at TDE?  It has stronger encryption algorithms than MD5.  This is a good article: http://www.sql-server-performance.com/2008/Transparent-Data-Encryption/

Also: http://msdn.microsoft.com/en-us/library/bb934049.aspx
0
 
LVL 5

Author Comment

by:25112
ID: 39272546
Hi didnthaveaname,

actually, the real link i meant to submit was http://en.wikipedia.org/wiki/SHA-1 .. sorry ..

 I was checking into SHA , only because I read elsewhere it is more knock-proof than MD5. (as you pointed out)

For something sensitive like cc, we were suggested that in decryption, the key to unlock the data remains within the data, and hence it remains a security risk. If that is the only downside to native sql server encryption, what are recommendations to overcome that?
0
 
LVL 83

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 250 total points
ID: 39272558
Here's the article for hashing with SQL Server: http://msdn.microsoft.com/en-us/library/ms174415.aspx
0
PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

 
LVL 5

Author Comment

by:25112
ID: 39272570
thanks.

for credit card in ss, would you see reasons to choose SHA1 over TDE or vice versa?

the key being stored within the database- is that a real concern?
0
 
LVL 8

Assisted Solution

by:didnthaveaname
didnthaveaname earned 250 total points
ID: 39272615
I can only speak from my experience with my company.  We do not use TDE.  We use an ingrian hardware encryption appliance to separate the two functions.  The encrypted values are persisted into SQL server for the very security reasons you mentioned.
0
 
LVL 83

Accepted Solution

by:
Dave Baldwin earned 250 total points
ID: 39272628
If you are going to be storing credit card data, you need to become familiar with PCI DSS.  https://www.pcisecuritystandards.org/security_standards/  There is a lot more than just encryption required.
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to leverage one TLS certificate to encrypt Microsoft SQL traffic and Remote Desktop Services, versus creating multiple tickets for the same server.
Use this article to create a batch file to backup a Microsoft SQL Server database to a Windows folder.  The folder can be on the local hard drive or on a network share.  This batch file will query the SQL server to get the current date & time and wi…
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question