调整mySql列的容量以加密数据 - 多少? [英] Resize mySql columns to accomodate encrypted data - how much?
问题描述
我的表是InnoDB
CodeIgniter(3.x)用作构建PHP应用程序的框架。我的计划是加密一些数据,使用CodeIgniter(3.x)加密类
来增强安全性。
我使用AES-256,我的加密密钥的长度是32字节(字符)
将要加密的列目前是类型varchar(255)。我正在考虑增加这个值,但我不知道多少钱。
任何sugestions?
这真的归结于你打算使用的操作模式。 AES是块大小为128位的块密码。也就是说,128位的明文结果是128位的密文。
然而...
操作像ECB和CBC 要求输入数据是块大小的倍数。所以,如果你想加密只有112位的明文,那么你的明文必须首先被填充为块大小的倍数(例如,我们添加2个字节的填充)。这通常由AES实现自动完成,但这意味着您的明文的长度在加密时可以增加多达16个字节。
操作模式像CTR和CFB将块密码转换成流密码。填充不需要流密码,所以112位的明文被加密到112位的密文。
您还需要考虑是否需要添加IV /随机数。通常这是一个16字节的值,但GCM和CTR模式可以有所不同。我相信默认是12个字节,但是我可能会误会。
保持以上的想法,假设您要加密的任何数据小于或等于您的原始255字节限制,您将需要:
-
对于ECB,将限制增加到256字节(16的完美倍数字节)。
-
对于CBC,将限制增加到256 + 16字节(对于IV)。
-
对于将AES转换为流密码(CTR,CFB等)的模式,数据量可以相同(255字节),但是需要为您的随机数腾出空间,我认为通常是12个字节。您需要确认这一点。
I have mySql database which use utf8_general_ci encoding. My tables are InnoDB
CodeIgniter(3.x) is used as framework to build the php application. My plan is to encrypt some of the data, using the CodeIgniter(3.x) encryption class for enhanced security.
I use AES-256 and the length of my encryption key is 32 bytes (characters)
Most of the columns that will be encrypted is currently of type varchar(255). I am considering increasing this value, but I don't know for how much.
Any sugestions?
This really comes down to the mode of operation you intend to use. AES is a block cipher with a block size of 128 bits. That is, 128 bits of plaintext results in 128 bits of ciphertext.
However...
Modes of operation like ECB and CBC require that the input data is a multiple of the block size in length. So if, for example, you want to encrypt only 112 bits of plaintext, then your plaintext must first be padded to be a multiple of the blocksize (e.g. we add 2 bytes of padding). This is usually done automatically by the AES implementation, but it does mean that the length of your plaintext, when encrypted, can increase by up to 16 bytes.
Modes of operation like CTR and CFB turn block ciphers into stream ciphers. Padding is not required for stream ciphers, so 112 bits of plaintext is encrypted to 112 bits of ciphertext.
You also need to consider the need to prepend an IV/nonce. Normally this is a 16 byte value, but GCM and CTR mode can vary. I believe the default is 12 bytes, but I may be mistaken.
Keeping the above in mind, and assuming any data you wish to encrypt is less than or equal to your original 255 byte limit, you will need to:
For ECB, increase the limit to 256 bytes (a perfect multiple of 16 bytes).
For CBC, increase the limit to 256 + 16 bytes (for the IV).
For modes that turn AES into a stream cipher (CTR, CFB etc.), the data amount can be the same (255 bytes), but you will need to make room for your nonce, which I think is normally 12 bytes. You'll need to confirm this.
这篇关于调整mySql列的容量以加密数据 - 多少?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
