md5 has as primary id

06/02/2008, 11h00

Hello,

I have a table filled with sensitive data. I wanted to avoid the
conicidental retrieval or results through "guessing" an id. I
therefore thought of using a md5-hash as the primary id. What
implications will I have as the database fills? Will it be
significantly slower than using a simple integer id, or will there not
be that much of a difference, since it is unique and indexed?

Thanks for your reply
Casper

06/02/2008, 11h17

On 6 Feb, 10:00, "Casper F." <casper.feldm...@googlemail.com> wrote:
> Hello,
>
> I have a table filled with sensitive data. I wanted to avoid the
> conicidental retrieval or results through "guessing" an id. I
> therefore thought of using a md5-hash as the primary id. What
> implications will I have as the database fills? Will it be
> significantly slower than using a simple integer id, or will there not
> be that much of a difference, since it is unique and indexed?
>
> Thanks for your reply
> Casper

It will be lower. How significant this is depends on many factors.

06/02/2008, 11h27

On Feb 6, 11:17 am, Captain Paralytic <paul_laut...@yahoo.com> wrote:
>
> It will be lower. How significant this is depends on many factors.
>

Woudl this be the way of common practice? Is there a better way?

06/02/2008, 12h56

Casper F. <casper.feldmann@googlemail.com> wrote in
<a4751755-8b65-468e-963f-512ab04c09bd@i72g2000hsd.googlegroups.com>:
> I have a table filled with sensitive data. I wanted to
> avoid the conicidental retrieval or results through
> "guessing" an id.

<http://en.wikipedia.org/wiki/Security_through_obscurity>

Leaving aside cryptographic weaknesses of MD5, which I'm not
qualified enough to discuss, if you want to prevent
unauthorised access, check whether the actor requesting the
data has the right to do so.

Burdening the unique ID with the additional semantics of
access authorisation seems fundamentally wrong to me. There
might be very legitimate reasons of communicating a unique
ID of something to a third-party without simultaneously
transferring your access rights to that same party.

> I therefore thought of using a md5-hash as the primary id.
> What implications will I have as the database fills?

First of all, you cannot guarantee that there won't be
collisions, although this is very, extremely,
near-impossibly highly unlikely. Still, 'unlikely' is not a
guarantee. And if you just happen to have two records that
have the same data in the fields you would use for hashing,
guess how loud the resulting KA-BOOM! is going to be.

Secondly, an ID obtained without guessing will allow
unauthorised access unless you implement a real security
model.

If you want your system to be secure, design it that way.

Note that if your data really is sensitive, governmental
regulations may apply, and your proposed security model
probably won't fly by any even semi-competent security
auditor.

--
When all you have is a transformation engine, everything
looks like a tree.

07/02/2008, 16h05

On Wed, 6 Feb 2008 02:00:32 -0800 (PST), Casper F. wrote:
> Hello,
>
> I have a table filled with sensitive data. I wanted to avoid the
> conicidental retrieval or results through "guessing" an id. I
> therefore thought of using a md5-hash as the primary id. What
> implications will I have as the database fills? Will it be
> significantly slower than using a simple integer id, or will there not
> be that much of a difference, since it is unique and indexed?

You'll lose the time you spend calculating those MD5 for every record.

More generally, obscurity is a suboptimal replacement for security. If
your machine is generally otherwise secure, remove select access from
everyone except the role user ID that your front-end application uses,
and have the application manage selecting records based on whatever
rules you've got coded in. If an unauthorized person knows the ID of a
record, they still won't be able to get it, because they won't be able
to convince the application to fetch it for them, won't have access to
the table through another DB user ID, and won't be able to read the file
because they don't have access to the database's files on the host.

--
Every normal man must be tempted at times to spit upon his hands, hoist
the black flag, and begin slitting throats.
-- HL Mencken

06/02/2008, 11h00	#1
Casper F. Messages: n/a Hébergeur:	md5 has as primary id Hello, I have a table filled with sensitive data. I wanted to avoid the conicidental retrieval or results through "guessing" an id. I therefore thought of using a md5-hash as the primary id. What implications will I have as the database fills? Will it be significantly slower than using a simple integer id, or will there not be that much of a difference, since it is unique and indexed? Thanks for your reply Casper

06/02/2008, 11h17	#2
Captain Paralytic Messages: n/a Hébergeur:	Re: md5 has as primary id On 6 Feb, 10:00, "Casper F." <casper.feldm...@googlemail.com> wrote: > Hello, > > I have a table filled with sensitive data. I wanted to avoid the > conicidental retrieval or results through "guessing" an id. I > therefore thought of using a md5-hash as the primary id. What > implications will I have as the database fills? Will it be > significantly slower than using a simple integer id, or will there not > be that much of a difference, since it is unique and indexed? > > Thanks for your reply > Casper It will be lower. How significant this is depends on many factors.

06/02/2008, 11h27	#3
Casper F. Messages: n/a Hébergeur:	Re: md5 has as primary id On Feb 6, 11:17 am, Captain Paralytic <paul_laut...@yahoo.com> wrote: > > It will be lower. How significant this is depends on many factors. > Woudl this be the way of common practice? Is there a better way?

06/02/2008, 12h56	#4
Pavel Lepin Messages: n/a Hébergeur:	Re: md5 has as primary id Casper F. <casper.feldmann@googlemail.com> wrote in <a4751755-8b65-468e-963f-512ab04c09bd@i72g2000hsd.googlegroups.com>: > I have a table filled with sensitive data. I wanted to > avoid the conicidental retrieval or results through > "guessing" an id. <http://en.wikipedia.org/wiki/Security_through_obscurity> Leaving aside cryptographic weaknesses of MD5, which I'm not qualified enough to discuss, if you want to prevent unauthorised access, check whether the actor requesting the data has the right to do so. Burdening the unique ID with the additional semantics of access authorisation seems fundamentally wrong to me. There might be very legitimate reasons of communicating a unique ID of something to a third-party without simultaneously transferring your access rights to that same party. > I therefore thought of using a md5-hash as the primary id. > What implications will I have as the database fills? First of all, you cannot guarantee that there won't be collisions, although this is very, extremely, near-impossibly highly unlikely. Still, 'unlikely' is not a guarantee. And if you just happen to have two records that have the same data in the fields you would use for hashing, guess how loud the resulting KA-BOOM! is going to be. Secondly, an ID obtained without guessing will allow unauthorised access unless you implement a real security model. If you want your system to be secure, design it that way. Note that if your data really is sensitive, governmental regulations may apply, and your proposed security model probably won't fly by any even semi-competent security auditor. -- When all you have is a transformation engine, everything looks like a tree.

07/02/2008, 16h05	#5
Peter H. Coffin Messages: n/a Hébergeur:	Re: md5 has as primary id On Wed, 6 Feb 2008 02:00:32 -0800 (PST), Casper F. wrote: > Hello, > > I have a table filled with sensitive data. I wanted to avoid the > conicidental retrieval or results through "guessing" an id. I > therefore thought of using a md5-hash as the primary id. What > implications will I have as the database fills? Will it be > significantly slower than using a simple integer id, or will there not > be that much of a difference, since it is unique and indexed? You'll lose the time you spend calculating those MD5 for every record. More generally, obscurity is a suboptimal replacement for security. If your machine is generally otherwise secure, remove select access from everyone except the role user ID that your front-end application uses, and have the application manage selecting records based on whatever rules you've got coded in. If an unauthorized person knows the ID of a record, they still won't be able to get it, because they won't be able to convince the application to fetch it for them, won't have access to the table through another DB user ID, and won't be able to read the file because they don't have access to the database's files on the host. -- Every normal man must be tempted at times to spit upon his hands, hoist the black flag, and begin slitting throats. -- HL Mencken

Outils de la discussion
Afficher une version imprimable Envoyer un lien vers cette page par email