I have been looking for a simple encryption/decryption class for storing information in the database. Trouble is I have no clue what I'm looking at half the time, so I really don't know if what I find is really all that worth implementing for what I need, whether it be over-complex or too easy to crack.
我一直在寻找一个简单的加密/解密类来存储数据库中的信息。麻烦的是,我有一半时间都不知道我在看什么,所以我真的不知道我发现的东西是否真的值得我去实现,不管它是过于复杂还是太容易破解。
I have brain stormed about it for a bit, my first thought-train leading to a simple "switch, add, multiply" key for the ACII Values, but I think that wouldn't really be worth it after seeing what encryption classes actually are.
我脑子里对它有了一些想法,我的第一个想法导致了对ACII值的一个简单的“开关、添加、相乘”键,但是我认为在看到加密类的实际情况后,这真的不值得。
Essentially I'm looking for a key that encrypts any and all data (including table and column names) on storage, and decrypts on withdrawal. But like I said, doesn't need to be too complex, but if someone does want to access the data, they have to earn it haha.
本质上,我正在寻找一个密钥,该密钥对存储上的任何和所有数据(包括表和列名)进行加密,并在提取时解密。但是就像我说的,不需要太复杂,但是如果有人想要访问这些数据,他们就必须去争取,哈哈。
Can anyone suggest a good link/provide a simple class for what I'm looking for? It could possibly be something I have found before, but like I said, I haven't the faintest as to what I'm looking at half the time
有没有人能给我推荐一个好的链接/提供一个简单的课程来满足我的需要?这可能是我以前找到过的东西,但就像我说的,我有一半时间都没有看到过什么
Thanks in advance!
提前谢谢!
Pre-emptive Edit I know some Databases have their own encrypt/decrypt methods, but I figure this is the easiest way to implement it because I will be working will multiple different database programs.
我知道有些数据库有自己的加密/解密方法,但我认为这是实现它的最简单的方法,因为我将处理多个不同的数据库程序。
1 个解决方案
#1
2
AES 256 is (while potentially overkill) a very secure encryption algorithm. Microsoft provides an implementation in System.Security.Cryptography and the example at MSDN is a great place to get started.
AES 256是一种非常安全的加密算法(尽管可能有些过分)。微软在System.Security中提供了一个实现。密码学和MSDN上的示例是一个很好的起点。
I've used this for database encryption and it works just fine.
我已经将它用于数据库加密,它工作得很好。
Since you said you are new to encryption, I will try to touch on what encryption does, and doesn't do for you. Encryption takes normal data (ie. ("My private string")) and turns it into random data (bunch of bytes), only reversible by knowing the private key (in AES 256). Data, since it is different between cells, and likely private/important information is a good thing to encrypt.
既然你说你对加密不熟,我就试着谈谈加密有什么作用,它对你没有什么作用。加密需要正常的数据。(“我的私有字符串”))并将其转换为随机数据(一串字节),只有通过知道私钥(在AES 256中)才能可逆。由于数据在单元格之间是不同的,而且可能是私有/重要的信息,所以对数据进行加密是一件好事。
Your database schema is constant, so encryption is only minimally useful here. The difference between calling a table "Names" and "A" and "oiaeoriuojdklfjsad" (this last is an example "encryption") is minimal. This is what is meant by "security by obfuscation". You could argue that choosing a random name is slightly more secure than a descriptive one, but it is really just going to confuse you when you try to use it, and the real "gold" a hacker will want is the data anyways. Knowing what kind of data it is isn't really going to help if it's going up against a good encryption algorithm.
您的数据库模式是常量,因此加密在这里的用处很小。将表命名为“名称”和“a”和“oiaeoriuojdklfjsad”(最后一个例子是“加密”)之间的区别很小。这就是所谓的“模糊的安全”。你可能会说,选择一个随机的名字比选择一个描述性的名字要安全一些,但是当你尝试使用它的时候,它真的会让你感到困惑,而黑客真正想要的“金”是数据。如果它与一个好的加密算法相冲突,那么知道它是什么类型的数据并没有真正的帮助。
#1
2
AES 256 is (while potentially overkill) a very secure encryption algorithm. Microsoft provides an implementation in System.Security.Cryptography and the example at MSDN is a great place to get started.
AES 256是一种非常安全的加密算法(尽管可能有些过分)。微软在System.Security中提供了一个实现。密码学和MSDN上的示例是一个很好的起点。
I've used this for database encryption and it works just fine.
我已经将它用于数据库加密,它工作得很好。
Since you said you are new to encryption, I will try to touch on what encryption does, and doesn't do for you. Encryption takes normal data (ie. ("My private string")) and turns it into random data (bunch of bytes), only reversible by knowing the private key (in AES 256). Data, since it is different between cells, and likely private/important information is a good thing to encrypt.
既然你说你对加密不熟,我就试着谈谈加密有什么作用,它对你没有什么作用。加密需要正常的数据。(“我的私有字符串”))并将其转换为随机数据(一串字节),只有通过知道私钥(在AES 256中)才能可逆。由于数据在单元格之间是不同的,而且可能是私有/重要的信息,所以对数据进行加密是一件好事。
Your database schema is constant, so encryption is only minimally useful here. The difference between calling a table "Names" and "A" and "oiaeoriuojdklfjsad" (this last is an example "encryption") is minimal. This is what is meant by "security by obfuscation". You could argue that choosing a random name is slightly more secure than a descriptive one, but it is really just going to confuse you when you try to use it, and the real "gold" a hacker will want is the data anyways. Knowing what kind of data it is isn't really going to help if it's going up against a good encryption algorithm.
您的数据库模式是常量,因此加密在这里的用处很小。将表命名为“名称”和“a”和“oiaeoriuojdklfjsad”(最后一个例子是“加密”)之间的区别很小。这就是所谓的“模糊的安全”。你可能会说,选择一个随机的名字比选择一个描述性的名字要安全一些,但是当你尝试使用它的时候,它真的会让你感到困惑,而黑客真正想要的“金”是数据。如果它与一个好的加密算法相冲突,那么知道它是什么类型的数据并没有真正的帮助。