Working With AES_DECRYPT/ENCRYPT

partypete

Hello,

I'm setting up a user management system using to AES_ENCRYPT to secure the users' passwords. I just want to be clear on a couple things before I go and mess things up! 🙂

1) Is it ok to store these in a varchar field?

2) This is written at the top of the MySQL Manual's encryption page:

"If you want to store results from an encryption function that might contain arbitrary byte values, use a BLOB column rather than a CHAR or VARCHAR column to avoid potential problems with trailing space removal that would change data values."

Do I have to worry about this when using AES_ENCRYPT/DECRYPT? What is an "arbitrary byte value"? Should I use a BLOB instead of a varchar field?

Basically I'm just worried about storing and retrieving the passwords and what could go wrong in the process. I don't want corrupted information because certain characters go missing because I'm storing the information in the wrong type of field, or have the information get truncated etc.

Thanks for any help or tips for working with aes_encrypt/decrypt!

Peter ----- This worries me, I'm not sure I understand when there'll be padding, added, if it'll be corrupted in a varchar field etc...... (from Mysql Manual):

"Because AES is a block-level algorithm, padding is used to encode uneven length strings and so the result string length may be calculated as 16*(trunc(string_length/16)+1). If AES_DECRYPT() detects invalid data or incorrect padding, it returns NULL. However, it is possible for AES_DECRYPT() to return a non-NULL value (possibly garbage) if the input data or the key is invalid."

partypete

Actually to play it safe, I've changed my password field from a varchar to a tinytext. This should eliminate the dangers of spaces/characters being stripped and corrupting the encrypted data.

I think that's all I need to be concerned about.

Thanks.