The forum will experience an outage sometime between February 10 at 7:00pm EST and February 12 at 11:59 EST for installation of security updates. The actual time and duration of the outage are unknown but attempts will be made to minimize the downtime. We apologize for any inconvenience.

The CR Number 749256 notifies about changes to strong encryption - now achieved using OpenSSL, as of 16.0.1670 and 12.0.1.3977.

Does that also have any implications on pure database encryption (DBKEY=...) and the ENCRYPT()/DECRYPT() functions, which only do use symmetric encryption - and when not using FIPS mode?

The note is surely long but leaves these questions open, methinks.

asked 08 Nov '13, 12:17

Volker%20Barth's gravatar image

Volker Barth
29.3k287438644
accept rate: 32%


My apologies, I meant to ask and answer a question similar to this preemptively, but I did not. The short answer is no, there is no effect on database encryption or the encrypt() or decrypt() functions. Databases that were encrypted before can still be read, and data that was encrypted using encrypt() with Certicom can be decrypted using decrypt() with OpenSSL.

In fact, other than using FIPS, database encryption is not affected by this because we use our own implementation of the AES algorithm. When using FIPS (i.e. creating a database and specifying 'AES_FIPS' or 'AES256_FIPS' as the algorithm), the OpenSSL library is now used, whereas before it was Certicom.

In a nutshell, the encryption and hashing algorithms are exactly the same, and so it makes no difference who implements them.

There are incompatibilities with TLS communication encryption but again, only when using FIPS. I will outline those in a different question.

permanent link

answered 08 Nov '13, 12:24

Graeme%20Perrow's gravatar image

Graeme Perrow
8.3k369106
accept rate: 51%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×186
×60
×37
×32
×5

question asked: 08 Nov '13, 12:17

question was seen: 719 times

last updated: 08 Nov '13, 12:24