The CR Number 749256 notifies about changes to strong encryption - now achieved using OpenSSL, as of 16.0.1670 and 126.96.36.19977.
Does that also have any implications on pure database encryption (DBKEY=...) and the ENCRYPT()/DECRYPT() functions, which only do use symmetric encryption - and when not using FIPS mode?
The note is surely long but leaves these questions open, methinks.
asked 08 Nov '13, 12:17
My apologies, I meant to ask and answer a question similar to this preemptively, but I did not. The short answer is no, there is no effect on database encryption or the
In fact, other than using FIPS, database encryption is not affected by this because we use our own implementation of the AES algorithm. When using FIPS (i.e. creating a database and specifying 'AES_FIPS' or 'AES256_FIPS' as the algorithm), the OpenSSL library is now used, whereas before it was Certicom.
In a nutshell, the encryption and hashing algorithms are exactly the same, and so it makes no difference who implements them.
There are incompatibilities with TLS communication encryption but again, only when using FIPS. I will outline those in a different question.
answered 08 Nov '13, 12:24