Download eBook (PDF) - Red Gate Software

More documents

Recommendations

Info

7 – One-Way EncryptionPlain TextEnding Hash in the <strong>Red</strong>uction Chain555-86-0622 0x9AEE648230046F795612E1B04171F65CA164E4E1555-86-0623 0x6CCCDD87AC087D7BDD92641EEF44635B6F4B7943555-86-0624 0x8432814F76099E8EEE0BAA67F39CC44D5F254405555-86-0625 0x277847607C4D9984C636628418FDFAEBA26B8B34555-86-0626 0xE86571ACB27E193820DCEA9556F7556771F50D26Table 7-1: The rainbow table.Each of the final reduction chain link hash values in the rainbow table iscompared to the hash values stored in the Borrower_Identificationtable. This step is basically identical to a dictionary attack. In our specificexample, the result of this stage does not indicate a successful match for any ofour ending hashes.In the next stage of the attack, we revisit the process that created our endinghash: the chain reduction process. In our example, the reduction chain wasgenerated based on the first six digits of each hash. In the execution of thisattack we reverse the reduction chain by taking the first six digits of the hashedvalue that is the subject of our attack. Each subsequent link in the reversedreduction chain is compared to the ending hash that is stored in the rainbowtable. In our case, a successful match occurs for the plain text value of "555-86-0625".Much like a dictionary attack, a rainbow table attack can be reasonablymitigated through the use of a salt on your plain text, prior to applying the onewayencryption. These attacks rely on the perpetrator having anticipated aseries of plain text values, hashing these values and then comparing theresulting hashes to the values stored within the database. The use of a saltincreases the complexity of the plain text and reduces the likelihood that theanticipated value is among the plain text values sought by the attacker.Additional details regarding salting, as well as a specific example of using asalt with the HomeLending database, will be provided later in this chapter.Hash Collision VulnerabilityA hash collision occurs when two unique plain text values produce an identicalhash value. An example would be both"555-86-1234" and "555-86-5298"153
7 – One-Way Encryptionreturning the identical hash value. Since a value secured using one-wayencryption is not decrypted, and its underlying plain text is revealed throughthe comparison of hash values, a hash collision presents a situation in which theactual plain text value cannot be determined.The algorithm selected for the encryption process is critical in reducing thelikelihood of hash collisions. Algorithms that produce lengthy hashes increasethe array of possible values, and so reduce the probability of a hash collision.Of course, the larger the volume of records to which these algorithms areapplied, the higher is the risk of a hash collision. A mathematic problem called"The Birthday Paradox" is commonly referenced as a formula that can beused to determine the probability of hash collisions. While not specific todetermining the probability of hash collisions, the Birthday Paradox formulacan be modified to provide this information.For those who are not mathematics or statistics majors, let's boil this issuedown to its basics:The possible unique combination of values for a single bit is 2 since a bit iseither a 1 or a 0. The possible unique combination of values for a single byte,which is eight bits, would be 256, represented as 2 8 . The algorithm options thatare provided with one-way encryption return either a 128 bit or a 160 bit hashvalue. The possible unique combination of a 128 bit hash would be340,282,366,920,938,460,000,000,000,000,000,000,000, represented as 2 128 .The possible unique combination of a 160 bit hash would be1,461,501,637,330,902,900,000,000,000,000,000,000,000,000,000,000,represented as 2 160 .In order for the possibilities of a hash collision to occur in theIdentification_Value column of the Borrower_Identificationtable, using a 128 bit algorithm, to reach a meager 0.1% it would require avolume of 830,000,000,000,000,000 records; each containing a unique plaintext value.There are other factors that come into play that have influence on the actualpossibilities of a hash collision, such as the internal processing that takes placewithin the algorithm. Regardless, the vulnerability for the occurrence of a hashcollision is real and should be carefully considered.With the selection of the hashing algorithm, inclusion of a salt prior toencryption, and by avoiding use of one-way encryption in tables that have anextremely high volume of rows, the potential vulnerabilities of the techniquecan be mitigated, and it becomes a worthy option to consider when protectingsensitive data.154
Page 1:
High Performance SQL ServerProtecti
Page 4 and 5:
Table of ContentsAbout the Author .
Page 6 and 7:
Protection via Normalization ......
Page 8 and 9:
Views and Stored Procedures .......
Page 10 and 11:
Numeric Variance ..................
Page 12 and 13:
Key_ID ............................
Page 14 and 15:
ACKNOWLEDGEMENTSBooks are not writt
Page 16 and 17:
IntroductionIn all cases, the conse
Page 18 and 19:
Introduction"lost key" displaced by
Page 20 and 21:
CHAPTER 1: UNDERSTANDINGSENSITIVE D
Page 22 and 23:
1 - Understanding Sensitive DataSen
Page 24 and 25:
1 - Understanding Sensitive Datatyp
Page 26 and 27:
1 - Understanding Sensitive DataFor
Page 28 and 29:
1 - Understanding Sensitive DataAcc
Page 30 and 31:
1 - Understanding Sensitive DataThi
Page 32 and 33:
1 - Understanding Sensitive Datarep
Page 34 and 35:
1 - Understanding Sensitive DataThe
Page 36 and 37:
1 - Understanding Sensitive Datathe
Page 38 and 39:
CHAPTER 2: DATACLASSIFICATION AND R
Page 40 and 41:
2 - Data Classification and Rolespr
Page 42 and 43:
2 - Data Classification and RolesDe
Page 44 and 45:
2 - Data Classification and RolesCr
Page 46 and 47:
2 - Data Classification and RolesLi
Page 48 and 49:
2 - Data Classification and Roles--
Page 50 and 51:
2 - Data Classification and RolesAl
Page 52 and 53:
2 - Data Classification and Rolesdo
Page 54 and 55:
2 - Data Classification and RolesTo
Page 56 and 57:
2 - Data Classification and Rolesaf
Page 58 and 59:
2 - Data Classification and RolesTh
Page 60 and 61:
2 - Data Classification and RolesSe
Page 62 and 63:
2 - Data Classification and RolesWi
Page 64 and 65:
3 - Schema Architecture StrategiesF
Page 66 and 67:
3 - Schema Architecture Strategiesp
Page 68 and 69:
3 - Schema Architecture StrategiesN
Page 70 and 71:
3 - Schema Architecture StrategiesA
Page 72 and 73:
3 - Schema Architecture StrategiesD
Page 74 and 75:
3 - Schema Architecture StrategiesU
Page 76 and 77:
3 - Schema Architecture Strategiesb
Page 78 and 79:
3 - Schema Architecture StrategiesU
Page 80 and 81:
3 - Schema Architecture StrategiesF
Page 82 and 83:
3 - Schema Architecture Strategies
Page 84 and 85:
3 - Schema Architecture StrategiesS
Page 86 and 87:
4 - Encryption Basics for SQL Serve
Page 88 and 89:
Page 90 and 91:
Page 92 and 93:
Page 94 and 95:
Page 96 and 97:
Page 98 and 99:
Page 100 and 101:
Page 102 and 103:
5 - Cell-Level Encryptionthe encryp
Page 104 and 105: 5 - Cell-Level EncryptionSearching
Page 106 and 107: 5 - Cell-Level EncryptionPreparing
Page 108 and 109: 5 - Cell-Level EncryptionUSE HomeLe
Page 110 and 111: 5 - Cell-Level Encryptionself-signe
Page 112 and 113: 5 - Cell-Level Encryptionwithin SQL
Page 114 and 115: 5 - Cell-Level EncryptionTesting th
Page 116 and 117: 5 - Cell-Level Encryptioncolumn. Cu
Page 118 and 119: 5 - Cell-Level EncryptionFROMdbo.Bo
Page 120 and 121: 5 - Cell-Level Encryptioncolumn con
Page 122 and 123: 5 - Cell-Level Encryptionthat is a
Page 124 and 125: 5 - Cell-Level EncryptionBEGIN TRY-
Page 126 and 127: 5 - Cell-Level Encryption);)@Identi
Page 128 and 129: 5 - Cell-Level Encryption• The sc
Page 130 and 131: 6 - Transparent Data EncryptionHow
Page 132 and 133: 6 - Transparent Data EncryptionCons
Page 134 and 135: 6 - Transparent Data Encryptionand
Page 136 and 137: 6 - Transparent Data EncryptionNoti
Page 138 and 139: 6 - Transparent Data EncryptionUSE
Page 140 and 141: 6 - Transparent Data EncryptionThe
Page 142 and 143: 6 - Transparent Data EncryptionGONO
Page 144 and 145: 6 - Transparent Data Encryptionand
Page 146 and 147: 6 - Transparent Data EncryptionUSE
Page 148 and 149: CHAPTER 7: ONE-WAYENCRYPTIONAs a ch
Page 150 and 151: 7 - One-Way EncryptionBenefits and
Page 152 and 153: 7 - One-Way Encryption• A match i
Page 156 and 157: 7 - One-Way EncryptionReducing Vuln
Page 158 and 159: 7 - One-Way EncryptionUse HomeLendi
Page 160 and 161: 7 - One-Way EncryptionEXEC sp_addex
Page 162 and 163: 7 - One-Way EncryptionLater in this
Page 164 and 165: 7 - One-Way EncryptionUSE HomeLendi
Page 166 and 167: 7 - One-Way EncryptionWHEREBorrower
Page 168 and 169: 7 - One-Way Encryption-- Return Sea
Page 170 and 171: 7 - One-Way EncryptionEXECUTE AS US
Page 172 and 173: CHAPTER 8: OBFUSCATIONHalloween is
Page 174 and 175: 8 - Obfuscation• Artificial Data
Page 176 and 177: 8 - ObfuscationHowever, not all val
Page 178 and 179: 8 - ObfuscationRepeating Character
Page 180 and 181: 8 - ObfuscationASSELECTdbo.Characte
Page 182 and 183: 8 - ObfuscationGO181
Page 184 and 185: 8 - ObfuscationSET Identification_V
Page 186 and 187: 8 - ObfuscationThe Purpose_Type_ID
Page 188 and 189: 8 - ObfuscationArtificial Data Gene
Page 190 and 191: 9 - Honeycombing a DatabaseUse Home
Page 192 and 193: 9 - Honeycombing a DatabaseUSE Mast
Page 194 and 195: 9 - Honeycombing a DatabaseLog Item
Page 196 and 197: 9 - Honeycombing a Databaseto 127.
Page 198 and 199: 9 - Honeycombing a Databaseavailabl
Page 200 and 201: 9 - Honeycombing a DatabaseAvoid SQ
Page 202 and 203: 10 - Layering SolutionsDesign for P
Page 204 and 205:
10 - Layering SolutionsObfuscationU
Page 206 and 207:
10 - Layering SolutionsThe completi
Page 208 and 209:
APPENDIX A: VIEWS ANDFUNCTIONS REFE
Page 210 and 211:
Appendix A - Views and Functions Re
Page 212 and 213:
Page 214 and 215:
Page 216 and 217:
Page 218 and 219:
Page 220 and 221:
Page 222 and 223:
Page 224 and 225:
Page 226 and 227:
Page 228 and 229:
APPENDIX B: THE HOMELENDINGDATABASE
Page 230 and 231:
Appendix B - The HomeLending databa
Page 232:
About Red GateYou know those annoyi
show all

Download eBook (PDF) - Red Gate Software

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?