Best algorithm to Encrypting / Decrypting a string & Key storage method


Problem description


It is not advisable to store email addresses in databases in plain text, so I would like to find out the best algorithm to do this. Options are:

(From the documentation)

  • CFMX_COMPAT: the algorithm used in ColdFusion MX and prior releases. This algorithm is the least secure option (default).

  • AES: the Advanced Encryption Standard specified by the National Institute of Standards and Technology (NIST) FIPS-197.

  • BLOWFISH: the Blowfish algorithm defined by Bruce Schneier.

  • DES: the Data Encryption Standard algorithm defined by NIST FIPS-46-3.

  • DESEDE: the "Triple DES" algorithm defined by NIST FIPS-46-3.

Another question is where should the key be stored? In the database or in the source code? Will it be encrypted or not? If it will be encrypted, then the question arises of how the key that will encrypt the key will be stored.

Should it be stored in the source code, will sourceless distribution be good?

Solution

I would use AES. It's the fastest of those listed and the strongest.

As for where to store the key, that is the $64,000 question. You should not put it in the DB (at least not in the same DB as the data it is being used to encipher) or in your source code.

Key management is a beast of a topic. NIST has hundreds of pages of documentation on ways to do it.

http://csrc.nist.gov/groups/ST/toolkit/key_management.html

Key Management involves proper generation, exchange, storage, rotation, and destruction of keys. You should not use the same key forever (a very common mistake) nor store it improperly.

You should take a look at the NIST guidelines and determine a strategy that works for you and adequately protects your data based on its sensitivity.
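
One way to apply the answer's advice in ColdFusion, as an added example that is not code from the original post: AES with an explicit mode and a fresh IV per value, keys read from the server's environment, and a key id stored with each value so keys can be rotated. The environment variable names, the function names and the `keyId:iv:ciphertext` layout are assumptions made for this example.

```cfml
<cfscript>
// Added example. EMAIL_KEY_IDS and EMAIL_KEY_<ID> are hypothetical variable names.
// Each key is a Base64 AES key made once with generateSecretKey("AES", 256) and
// handed to the server through its environment, not the database or the source.
function loadKeyRing() {
    var env  = createObject("java", "java.lang.System");
    var ids  = env.getenv("EMAIL_KEY_IDS");   // e.g. "v2,v1"; the first id is active
    var id   = "";
    var key  = "";
    var ring = { active = "", byId = {} };
    if (isNull(ids)) throw(type="KeyConfig", message="EMAIL_KEY_IDS is not set");
    ring.active = listFirst(ids);
    for (id in listToArray(ids)) {
        key = env.getenv("EMAIL_KEY_" & uCase(id));
        if (isNull(key)) throw(type="KeyConfig", message="No key for id #id#");
        ring.byId[id] = key;
    }
    return ring;
}

function encryptEmail(required string email, required struct ring) {
    // Fresh random 16-byte IV per value. Passing just "AES" would select ECB
    // mode, which leaks equal plaintext blocks, so the mode is spelled out.
    var iv = binaryDecode(generateSecretKey("AES", 128), "base64");
    var ct = encrypt(email, ring.byId[ring.active], "AES/CBC/PKCS5Padding", "Base64", iv);
    return ring.active & ":" & binaryEncode(iv, "base64") & ":" & ct;
}

function decryptEmail(required string stored, required struct ring) {
    var parts = listToArray(stored, ":");
    if (arrayLen(parts) != 3 || !structKeyExists(ring.byId, parts[1])) {
        throw(type="KeyConfig", message="Malformed value or unknown key id");
    }
    return decrypt(parts[3], ring.byId[parts[1]], "AES/CBC/PKCS5Padding", "Base64",
                   binaryDecode(parts[2], "base64"));
}

// Rotation: values written under an older key are re-encrypted under the active one.
function rotateEmail(required string stored, required struct ring) {
    if (listFirst(stored, ":") == ring.active) return stored;
    return encryptEmail(decryptEmail(stored, ring), ring);
}
</cfscript>
```

An old key id stays in `EMAIL_KEY_IDS` until every stored value has been passed through `rotateEmail`; after that the retired key can be destroyed.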
