Mysql – If database is compromised and downloaded, does it matter if user passwords are hashed

encryptionMySQLSecurity

I'm currently implementing as much security into a web app as possible, but I can't stop thinking about the database itself. For all the security I implement, such as salting and hashing passwords in the users table, if hackers manage to download the database entirely (by getting access to the server for example), they'll be able to see all the data in the entire database?

I've been reading about all the database breaches of well-known brands within the past couple of years, and that these databases are for sale on the dark web.

I understand hashing passwords will slow down / stop hackers having access to plain text login credentials that may be the same for other websites the user has signed up to, but my question is, what about the personal information stored in the database that isn't hashed. Like which products you've bought over the past couple of years, or your employment history, or your contacts, or something really embarrassing such as which adult websites you've visited and/or bookmarked.

Considering you can't hash a user's email address if it's being used as part of the login credentials, some hacker could query the database using the userID for example, get personal information from other tables, and then send a blackmail email to that user.

The two potential solutions I can think of are:

Encrypt as much of the information in the database as possible – but can't encrypt it all otherwise we wouldn't be able to perform quick insight queries on our user base for example.
Encrypt the actual database file itself on the server, so if it were downloaded, they wouldn't be able to have access without knowing the key.

So, 1 isn't much of a solution because I can't encrypt everything. And would 2 actually work i.e. would a web app using django for example be able to write to the database if its root file on the server was an encrypted file? I know MS SQL Server has an always-encrypted feature, but I'm using MySQL.

Sorry for the essay-length question – my head is spinning with all sorts of possibilities, and it's driving me nuts!

Thank you!

Best Answer

There are two concepts at play here:

Data at rest
Data in motion

Data at rest

As you correctly noted, if someone gets access to your database and the data itself is not encrypted, then hashing and salting passwords makes no difference.

Encrypt the actual database file itself on the server, so if it were downloaded, they wouldn't be able to have access without knowing the key.

You should enable on-disk encryption in some way or form. SQL Server offers Transparent Data Encryption (TDE), where as soon as data leaves memory and is persisted to storage, it is encrypted. This is called "encryption at rest".

This feature may not be available in your RDBMS, so you might rely on the storage vendor's on-disk encryption. Otherwise, you can investigate file-system level encryption.

The important thing is to keep the database administrators away from the encryption keys, and to ensure that database backups are handled with the same security considerations as the database server.

Data in motion

As for your question around applications having access to encrypted data, this is handled differently. I'll return again to SQL Server because that's what I know.

Encrypt as much of the information in the database as possible - but can't encrypt it all otherwise we wouldn't be able to perform quick insight queries on our user base for example.

The application uses a certificate to connect to the server, so that only it can see the data it has access to. It's called Always Encrypted, and unless someone has that certificate, the data remains inaccessible.

The database server you end up using should take these two concepts into account. Here's the documentation for SQL Server, but the other more established players should have similar features.

Related Solutions

MySQL encryption

Check out this tutorial: http://techpad.co.uk/content.php?sid=82

Also you can listen to OurSQL podcast about Mysql and how to encrypt data.

Finaly you have an one hour video about you want right here.

And, of course you have read the MySQL Reference already right?

Postgresql – Database encryption and key management with pg_crypto

Note that I am not a crypto systems or security expert. This is what I've seen done and it makes sense, but I cannot claim it doesn't have security issues beyond what I outline below. As always, get a proper security audit if it's important.

In the following, "credential" can refer to ssh keys, passwords, or whatever needs storing.

The typical model is to use a couple of levels of crypto.

For each user, generate and store a public/private keypair
Store the public part of the user's key in the clear in the user's record
Store the private part of the user's key encrypted to the user's passphrase in the user's record.
Encrypt each credential to a symmetric key that's unique to that credential
Encrypt each credential's symmetric key to the public key of every user who should have access to that key, and store the resulting encrypted material in a user_credentials mapping table.

Essentially, you maintain a keyring, much like the gpg keyring where the public part is in cleartext and the private part is encrypted to a passphrase. You should make sure the passphrase selected by each user is strong.

Now you can generate a symmetric key for each encrypted credential. Encrypt this key to every user's public key and store it in a user-credentials join table. Never store this symmetric key unencrypted, and use a different symmetric key for each credential.

You land up with something like this

[user]
user_id
username
login_password_salt
login_password_hash
public_key_text
private_key_sym_encrypted_to_passphrase

[user_credential]
user_id
credential_id
credential_key_encrypted_to_user_public_key

[credential]
credential_id
credential_data_encrypted_to_credential_key

There are quite a few advantages to doing things this way:

If a dump of your database is leaked your credentials are still safe, or as safe as your passphrases and key strengths.
Since you have a different symmetric key for each credential you can control which users have access to which credentials
Any user with access to a given credential can give another user access to it; they just decrypt it using their key and encrypt it to the other user's public key. You don't need to get everybody together to add credentials or add new users.
Because you're encrypting each credential to a symmetric key, and then encrypting that key to the user's key, you can change the stored credential without having to re-encrypt it to each user's key. It just makes updating stored credentials more convenient.

However, if the database host is compromised, an attacker can easily extract the passwords any given user has access to as soon as that user logs in. They capture the user's passphrase by wrapping functions or by enabled detailed logging and searching the logs. Then they can decrypt passwords in a stolen dump or from the live DB. A compromised database host is no danger until a user logs in to use it but then all is lost.

This means that the host of the database is security critical. Leaking the dump isn't fatal to security, but someone being able to modify the code running on the DB is a fatal security breach.

In addition to using your credentials management DB to extract ssh key material, passwords, etc when you need it, you can also use it as an authentication proxy where it can auth against a service without your user having to ever be able to learn the credential used. For example, your app might decrypt an ssh key, add it to an ssh agent, and use the decypted key to log in to a server via the agent without the user ever being able to see and access the key directly.