According to mysql document
"Encoding with a 128-bit key length is used, but you can extend it up to 256 bits by modifying the source."
But th开发者_开发问答ey didn't seem to provide instruction where to change. Anyone experience with this situation? which source file should change?
Note: I use these steps to compile.
I found little help from mysql mailing list
file include/my_aes.h
#define AES_KEY_LENGTH 128 /* must be 128 192 or 256 */
as I'm using OpenSuSe 11.1 need to have following tools
sudo zypper install gcc gcc-c++ ncurses-devel
then just compile it by this instruction - here
Credit to LenZ and tripanel.net
It's probably going to be a more maintainable solution to carry out the encryption in the client application.
Moreover, you'll also then get the benefit of then having the data carried over the network encrypted and not sending the key over the network (Of course you can use SSL to connect to mysql to mitigate this anyway).
If this does not seem like a good approach, please post your requirements.
You probably do not want to compile your own mysql binaries; there are more useful things for developers to do than building their own mysql binaries. MySQL / Sun's ones are extensively tested and won't contain performance regressions (we hope).
The mysql AES_ENCRYPT() functions are also potentially not secure because they haven't documented
- How they hash the password into the key
- What cipher mode they use
If they're done in a vulnerable way, the encryption could be very weak. It depends on your use-case whether this matters.
精彩评论