locked
AES Modes RRS feed

  • Question

  • Hi,

    Is there any way to change the AES mode in SQL server, to obtain the same ciphertext each time for the same plaintext?

    Many thanks

    Fares.

    Tuesday, November 10, 2015 6:06 AM

Answers

  • I wrote an article quite some time ago that may be useful: http://blogs.msdn.com/b/raulga/archive/2006/03/11/549754.aspx. The algorithms I used in this article are quite outdated, so I would strongly recommend against copy-pasting the code, but the general idea is still valid.

    I would also recommend to give it a try to Always Encrypted, which is a new feature in SQL Server 2016 (currently in CTP3, this feature is also available in Azure SQL database).  Always Encrypted natively support deterministic encryption for scenarios where it is necessary to perform equality operations.

    For more information on Always Encrypted please visit:

    Something I would like to emphasize, no matter what approach you use, when using deterministic encryption, you are giving away statistical information about your database, so consider minimizing the usage of such techniques to the minimal possible, and to continue protecting the encrypted columns.

    I hope this information helps,

    -Raul Garcia

    SQL Security


    This posting is provided "AS IS" with no warranties, and confers no rights.

    Tuesday, November 10, 2015 9:45 PM

All replies