重庆分公司,新征程启航

为企业提供网站建设、域名注册、服务器等服务

撒点盐Salt

Salt is a way to strengthen the security of encrypted data. It is a random string added to the data before it is encrypted, causing repetition of text in the clear to appear different when encrypted. Salt thus removes one method attackers use to steal data, namely, matching patterns of encrypted text.


To add or remove salt from encrypted columns, you again use the ALTER TABLE MODIFY command with either the SALT or NO SALT parameter specified with the ENCRYPT clause. Example 3-3 and Example 3-4 illustrate such commands.


Example 3-3 Adding Salt to an Encrypted Column


ALTER TABLE employee MODIFY (first_name ENCRYPT SALT);
Example 3-4 Removing Salt from an Encrypted Column


ALTER TABLE employee MODIFY (first_name ENCRYPT NO SALT);
To remove salt from an encrypted column before indexing it, use the syntax shown in Example 3-4. This command also re-encrypts the data.




Creating a Table with an Encrypted Column Using a Non-Default Algorithm and No Salt
By default, transparent data encryption adds salt to cleartext before encrypting it. This makes it harder for attackers to steal the data through a brute force attack.


However, if you plan to index the encrypted column, you must use NO SALT. Example 3-6 shows how to specify the NO SALT parameter with the SQL ENCRYPT clause (empID NUMBER ENCRYPT NO SALT). It also shows the syntax for specifying a different encryption algorithm (salary NUMBER(6) ENCRYPT USING '3DES168'). Note that the string which specifies the algorithm must be enclosed in single quotation marks.


Example 3-6 Creating a New Table with an Encrypted Column Using 3DES168 and NO SALT


CREATE TABLE employee (
     first_name VARCHAR2(128),
     last_name VARCHAR2(128),
     empID NUMBER ENCRYPT NO SALT,
     salary NUMBER(6) ENCRYPT USING '3DES168'
);

文章标题:撒点盐Salt
文章位置:http://cqcxhl.com/article/ppgdse.html

其他资讯

在线咨询
服务热线
服务热线:028-86922220
TOP