Solved

MD5 viability in SS

Posted on 2013-06-24
6
272 Views
Last Modified: 2013-06-24
Is it possible to implement the below in sql server? if so, is there any microsoft tech paper on how to incorporate into r2 db?
http://en.wikipedia.org/wiki/MD5
0
Comment
Question by:25112
  • 2
  • 2
  • 2
6 Comments
 
LVL 8

Assisted Solution

by:didnthaveaname
didnthaveaname earned 250 total points
ID: 39272519
Can I ask a probing question as to what you are looking to do?  My primary point behind this is if you read that article:


In December 2008, a group of researchers used this technique to fake SSL certificate validity,[7][8] and CMU Software Engineering Institute now says that MD5 "should be considered cryptographically broken and unsuitable for further use",[9] and most U.S. government applications now require the SHA-2 family of hash functions

I would, personally, encourage either hardware encryption or have you looked at TDE?  It has stronger encryption algorithms than MD5.  This is a good article: http://www.sql-server-performance.com/2008/Transparent-Data-Encryption/

Also: http://msdn.microsoft.com/en-us/library/bb934049.aspx
0
 
LVL 5

Author Comment

by:25112
ID: 39272546
Hi didnthaveaname,

actually, the real link i meant to submit was http://en.wikipedia.org/wiki/SHA-1 .. sorry ..

 I was checking into SHA , only because I read elsewhere it is more knock-proof than MD5. (as you pointed out)

For something sensitive like cc, we were suggested that in decryption, the key to unlock the data remains within the data, and hence it remains a security risk. If that is the only downside to native sql server encryption, what are recommendations to overcome that?
0
 
LVL 83

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 250 total points
ID: 39272558
Here's the article for hashing with SQL Server: http://msdn.microsoft.com/en-us/library/ms174415.aspx
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 5

Author Comment

by:25112
ID: 39272570
thanks.

for credit card in ss, would you see reasons to choose SHA1 over TDE or vice versa?

the key being stored within the database- is that a real concern?
0
 
LVL 8

Assisted Solution

by:didnthaveaname
didnthaveaname earned 250 total points
ID: 39272615
I can only speak from my experience with my company.  We do not use TDE.  We use an ingrian hardware encryption appliance to separate the two functions.  The encrypted values are persisted into SQL server for the very security reasons you mentioned.
0
 
LVL 83

Accepted Solution

by:
Dave Baldwin earned 250 total points
ID: 39272628
If you are going to be storing credit card data, you need to become familiar with PCI DSS.  https://www.pcisecuritystandards.org/security_standards/  There is a lot more than just encryption required.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In SQL Server, when rows are selected from a table, does it retrieve data in the order in which it is inserted?  Many believe this is the case. Let us try to examine for ourselves with an example. To get started, use the following script, wh…
Use this article to create a batch file to backup a Microsoft SQL Server database to a Windows folder.  The folder can be on the local hard drive or on a network share.  This batch file will query the SQL server to get the current date & time and wi…
In a recent question (https://www.experts-exchange.com/questions/28997919/Pagination-in-Adobe-Acrobat.html) here at Experts Exchange, a member asked how to add page numbers to a PDF file using Adobe Acrobat XI Pro. This short video Micro Tutorial sh…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now