Flaws in custom data encryption
November 28th, 2007
Are you going to do custom creation for data encryption. You must think before you do any thing. The draw backs are as follow.
- Unless you are an encryption expert, odds are any encryption system you create from scratch will not provide more than a trivial level of protection. Unsalted, one-way password hashes or “ROTx” forms of encryption are easily defeated with a little work.
- If your encryption breaks due to your own incompetence, then your data is ruined. You did keep unencrypted backups of everything, right? (And even if you did, isn’t that a security hole right there?)
- It’s scarcely worth your time when there are professional-level, industrial-strength encryption solutions available off the shelf. Devote your time to building a good, solid database, not reinventing the wheel.