17.07.2015 Views

Download eBook (PDF) - Red Gate Software



7 – One-Way Encryption

    USE HomeLending;
    GO
    GRANT EXECUTE ON dbo.GetHashSalt
        TO Sensitive_high, Sensitive_medium;
    GO

Listing 7-2: Granting permissions to the GetHashSalt UDF.

Specific examples of applying a salt, using the HomeLending database, are illustrated in the following one-way encryption demonstration.

Implementing One-Way Encryption

Using the HomeLending database, we will implement one-way encryption. For simplicity and clarity, we will focus on the Borrower_Identification table, and we will assume that the modifications to the Borrower_Identification table and Identification_Value column, which were outlined in Chapter 5, either have been reversed through a backup file restore or were never implemented.

The steps we will follow are:

1. Always back up your database prior to implementing any method of protection. Details regarding this process are covered in Chapter 6.
2. Create the primary varbinary hash column to store the hashed values of the Identification_Value column. This hashed column must only be accessible to members of the Sensitive_high database role.
3. Create a secondary version of the hash column that stores truncated hash values of the underlying plain text, so that lower-privilege roles can still perform searches based on the values contained in the primary hash column.
4. Salt the values stored in the Identification_Value column, using the GetHashSalt UDF created in Listing 7-1, then hash the values using the HashBytes method, and populate the hash columns.
5. Test and verify our new one-way encryption architecture.
6. Drop the original plain-text Identification_Value column.
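The following T-SQL sketch walks through steps 2 to 6 in one script; it is an added example, not a listing from the eBook. Assumptions: the table lives in the dbo schema, Identification_Value is a varchar column, the column names Identification_Value_H and Identification_Value_HT are hypothetical, the hash is SHA2_256 (SQL Server 2012 or later) truncated to its first 4 bytes, and a constructed literal stands in for the salt that the page's design obtains from dbo.GetHashSalt, whose signature is not shown here.

```sql
-- Added example (not from the eBook). Step 1, the backup, is assumed done.
USE HomeLending;
GO
-- Steps 2-3: full hash column plus a truncated copy for low-privilege search.
ALTER TABLE dbo.Borrower_Identification                -- dbo schema is assumed
    ADD Identification_Value_H  varbinary(32) NULL,    -- hypothetical name
        Identification_Value_HT varbinary(4)  NULL;    -- hypothetical name
GO
-- Column-level permissions: only Sensitive_high may read the full hash.
GRANT SELECT ON dbo.Borrower_Identification (Identification_Value_H)
    TO Sensitive_high;
DENY  SELECT ON dbo.Borrower_Identification (Identification_Value_H)
    TO Sensitive_medium;
GRANT SELECT ON dbo.Borrower_Identification (Identification_Value_HT)
    TO Sensitive_high, Sensitive_medium;
GO
-- Step 4: salt, hash, populate. The literal is a constructed placeholder for
-- the salt that the page's design retrieves through dbo.GetHashSalt.
DECLARE @Salt varchar(32) = 'CONSTRUCTED-SALT-VALUE';
UPDATE dbo.Borrower_Identification
SET Identification_Value_H  = HASHBYTES('SHA2_256', @Salt + Identification_Value),
    Identification_Value_HT = CONVERT(varbinary(4),
                              HASHBYTES('SHA2_256', @Salt + Identification_Value));
GO
-- Step 5: verify. The probe must have the same data type as the column
-- (varchar assumed); varchar and nvarchar input produce different hashes.
DECLARE @Salt  varchar(32)  = 'CONSTRUCTED-SALT-VALUE';
DECLARE @Probe varchar(250) = '000-00-0000';           -- constructed test value
DECLARE @H varbinary(32) = HASHBYTES('SHA2_256', @Salt + @Probe);
SELECT
    (SELECT COUNT(*) FROM dbo.Borrower_Identification
      WHERE Identification_Value_HT = CONVERT(varbinary(4), @H)) AS Candidates,
    (SELECT COUNT(*) FROM dbo.Borrower_Identification
      WHERE Identification_Value_H = @H)                         AS HashMatches,
    (SELECT COUNT(*) FROM dbo.Borrower_Identification
      WHERE Identification_Value = @Probe)                       AS PlainMatches;
GO
-- Step 6: drop the plain text only if every non-NULL value has a hash.
IF NOT EXISTS (SELECT 1 FROM dbo.Borrower_Identification
               WHERE Identification_Value IS NOT NULL
                 AND Identification_Value_H IS NULL)
    ALTER TABLE dbo.Borrower_Identification DROP COLUMN Identification_Value;
ELSE
    RAISERROR('Unhashed rows remain; plain-text column kept.', 16, 1);
GO
```

In the verification query, HashMatches should equal PlainMatches, while Candidates can be larger because a 4-byte truncated hash narrows a search without uniquely identifying a value.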
