Hi, Thanks for your reply,
For my tests I used the blob field (not varchar or anything else), but compared to your tests, I didn't use MySQL 5.0.6 (as it's still a beta) but I used MySQL 4.1. Maybe that's part of the problem, although I'm not sure. So it's really quite strange, but so far I solved it by limiting the number of characters by 256 in my application, but ofcourse that's not ideal... Thanks, Martin -----Oorspronkelijk bericht----- Van: Gleb Paharenko [mailto:[EMAIL PROTECTED] Verzonden: woensdag 15 juni 2005 14:31 Aan: mysql@lists.mysql.com Onderwerp: Re: AES Encryption Hello. > Also, while testing I experienced that inputting something like more > the 255 characters with AES_Encrypt, the AES_Decrypt function doesn't give > back more then 255 characters. Is this correct, or am I doing something > wrong here? AES_ENCRYPT works properly on my MySQL 5.0.6. You can see that it AES_DECRYPT returns 1000 characters. Is it possible that you have used varchar fields in testing? mysql> insert into test.a set a=aes_encrypt(repeat('b',1000),'key'); Query OK, 1 row affected (0.00 sec) mysql> select length(aes_decrypt(a,'key')) from test.a; +------------------------------+ | length(aes_decrypt(a,'key')) | +------------------------------+ | 1000 | +------------------------------+ 1 row in set (0.00 sec) mysql> show create table test.a\G; *************************** 1. row *************************** Table: a Create Table: CREATE TABLE `a` ( `a` blob ) ENGINE=MyISAM DEFAULT CHARSET=cp1251 COLLATE=cp1251_bin > I think of using AES Encryption for some time now, because it seems to > be > the most secure encryption method in MySQL at this moment and table > encryption of some sort is not possible. In the documentation I read > BLOB > fields are recommended for storage of data with AES_Encrypt, otherwise > you > might lose data. Does this method of storing data with encryption in > BLOB > fields also have disadvantages (besides speed and queries being > longer), > like how much bigger will the data get? > > > > Also, while testing I experienced that inputting something like more > then > 255 characters with AES_Encrypt, the AES_Decrypt function doesn't give > back > more then 255 characters. Is this correct, or am I doing something > wrong > here? > > > > I intent to use the EAS encryption functions for a webbased student > administration system which stores data like student names, > addresses, > results, etc, and because some of the data is quite important, like > addresses and results (may not be changed or viewed by unauthorized > persons) > and the database environment is not of high security (shared host, > because > of costs) I intend to use these encryption functions. Do you also > have some > recommendations on if I'm doing the most reasonable thing here to use > the > AES encryption? And a question I always had is where to store the > keys? > Currently I'm thinking somewhere in the webapplication source code, > but I'm > not so sure about this. > > >"Martin" <[EMAIL PROTECTED]> wrote: -- For technical support contracts, goto https://order.mysql.com/?ref=ensita This email is sponsored by Ensita.NET http://www.ensita.net/ __ ___ ___ ____ __ / |/ /_ __/ __/ __ \/ / Gleb Paharenko / /|_/ / // /\ \/ /_/ / /__ [EMAIL PROTECTED] /_/ /_/\_, /___/\___\_\___/ MySQL AB / Ensita.NET <___/ www.mysql.com -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED] -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]