3

I am using the ActiveRecord serialize method with a class of my own, AESCoder. This uses aes-256-cbc with a random initialization vector every time. This initialization vector is prepended to the field when I store it in the database, and is of course extracted before deserializing.

Now, this scheme prevents me from using any finders on those attributes. I have to select all the rows I need, which will be automatically decrypted, and then perform a Ruby select on the item list. This is, of course, a huge performance bottleneck, which I can't afford for this application.

One solution would be not to use a random IV, but then aes-256-cbc wouldn't be as secure any more.

Am I overlooking something here?

4
  • Is there a good reason why you want to encrypt individual entries in the database? Why don't you put the database on an encrypted filesystem, for example? Commented May 18, 2012 at 18:31
  • My app is on Heroku. I don't have control over the filesystem. Commented May 18, 2012 at 20:14
  • I don't know Heroku, but to ask my question in a slightly different way: What is the attack scenario that you are trying to guard against by encrypting your data? Is your concern that someone else could gain root on the system that your app is running on? SQL injection errors that let external users gain access to your database records? Something else? Your solution should be tailored to the nature of your threat. Commented May 18, 2012 at 20:39
  • Quite frankly, I'm merely facing contractual obligations here. I am aware of the different attack vectors, and I am aware that if someone gains control over the application server, the key is there in plain sight. I am trying to mitigate the huge amount of overhead that I'm facing right now with each query, that's all. Commented May 18, 2012 at 20:42

1 Answer

2
+200

As others have noted, there will be no way around the need to decrypt rows you want to search through. Still you might improve performance by letting Postgres do the heavy lifting with the help of its pgcrypto extension, instead of selecting everything and sorting it out on the application layer.

Heroku recently started offering Postgres 9.1 and seems to support pgcrypto. According to the blog post, you may have to migrate your database in order to be switched over to Postgres 9.1.

Please note that Heroku's paid 'shared database' plans still seem to run on Postgres 8 and do not support pgcrypto yet, but are supposed to be upgraded shortly. Postgres 9 introduced a new way to enable and use extensions that makes it easier to offer them in a shared hosting environment.


2 Comments

Doing the encryption and decryption on the database server will not address the bulk of the performance issues and makes the system insecure. If the database server is compromised, then the attacker has the key. Database server compromise is really the only thing that encryption defends against anyway, so at that point why bother at all? In this case you still have to pay the bulk of the performance cost: decrypting the data. All you have done is save the cost of transmitting it across the network.
@imichaelmiers as you wrote earlier, "[..] my understanding is it's likely that if your database server is rooted, it's likely your app is as well.". I agree with you there. At some point, your key and your data will exist in readable, unencrypted form - be it in the app server, or on the DB server. While using Postgres to handle the encryption is certainly not a panacea, it still might provide a sizable performance benefit: less slow network traffic, less slow Ruby object instantiation and less slow Ruby operations. The performance gains depend on the amount of rows selected.
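
The server-side filtering suggested in the answer, as an added example that is not part of the original answer or the asker's code. The table and column names and the key are constructed for illustration, and it assumes the column is `bytea` holding the 16-byte IV followed by the aes-256-cbc ciphertext, as the question describes.

```sql
-- Added example. Hypothetical names: customers, email_enc, find_customer.
-- The 32-byte key below is a constructed sample value, not a real key.

CREATE EXTENSION IF NOT EXISTS pgcrypto;   -- extension syntax of Postgres 9.1+

CREATE TABLE customers (
    id        serial PRIMARY KEY,
    email_enc bytea NOT NULL               -- 16-byte IV || ciphertext
);

-- Write path mirroring the question's scheme: a fresh random IV per value,
-- prepended to the ciphertext. A 32-byte key selects AES-256.
WITH v AS (SELECT gen_random_bytes(16) AS iv)
INSERT INTO customers (email_enc)
SELECT v.iv || encrypt_iv(
           convert_to('alice@example.com', 'UTF8'),
           decode('000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f', 'hex'),
           v.iv,
           'aes-cbc/pad:pkcs')
FROM v;

-- Read path: Postgres splits off the IV, decrypts and compares, so only
-- matching ids cross the network. The key is passed as a parameter ($1).
PREPARE find_customer(bytea, text) AS
SELECT id
FROM   customers
WHERE  convert_from(
           decrypt_iv(substring(email_enc from 17),       -- ciphertext
                      $1,                                 -- key
                      substring(email_enc from 1 for 16), -- IV
                      'aes-cbc/pad:pkcs'),
           'UTF8') = $2;

EXECUTE find_customer(
    decode('000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f', 'hex'),
    'alice@example.com');

-- As the comments above point out: every row is still decrypted (this is a
-- sequential scan, no index can help), and the key now reaches the
-- database server with each query.
```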
