WL#8126: Assert that MySQL uses Advanced Encryption Standard (AES)
Executive Summary
This worklog deprecates functions that use the following technologies for encryption/decryption, in favor of the Advanced Encryption Standard (AES), because AES provides better security:
- Encryption/decryption based on the Data Encryption Standard (DES)
- Encryption based on the Unix crypt() system call

R1. DES_ENCRYPT()/DES_DECRYPT() should be deprecated. Alternatives should be AES_ENCRYPT()/AES_DECRYPT().
R2. ENCRYPT() should be deprecated. Alternative should be AES_ENCRYPT().
- I1: The following table lists the functions to be deprecated. A deprecation warning will be thrown whenever one of these functions is called. The table also lists the replacement for each of these functions, and the same replacement will be displayed in the warning.

Function to be deprecated | Replacement |
---|---|
DES_ENCRYPT | AES_ENCRYPT |
DES_DECRYPT | AES_ENCRYPT |
ENCRYPT | AES_ENCRYPT |

Note: The functions MD5 and SHA/SHA1 can be used in scenarios unrelated to security where performance is important, e.g. generating an SQL statement digest. These functions are not deprecated. RAND() does not use the PRNG provided by SSL libraries. However, RAND() is deterministic and is useful because replays are possible. MySQL provides RANDOM_BYTES(), which uses the PRNG provided by SSL libraries.
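
The following is an added example, not part of the worklog or of MySQL's code: a Python scanner that finds calls to the functions deprecated here in SQL text and reports the replacement named in R1 and R2. It skips comments and string literals and does not mistake `AES_ENCRYPT(` for `ENCRYPT(`; the names `find_deprecated` and `REPLACEMENTS` and the sample SQL are constructed for illustration.

```python
import re

# Replacements as stated in requirements R1 and R2 of this worklog.
REPLACEMENTS = {
    "DES_ENCRYPT": "AES_ENCRYPT",
    "DES_DECRYPT": "AES_DECRYPT",
    "ENCRYPT": "AES_ENCRYPT",
}

# Comments, strings and quoted identifiers are matched first so that names
# inside them are skipped. `name` matches a whole identifier followed by "(",
# so AES_ENCRYPT( is one token and never counts as ENCRYPT(.
TOKEN = re.compile(
    r"""
      (?P<skip>
          --[^\n]*                 # -- line comment
        | \#[^\n]*                 # hash line comment
        | /\*.*?\*/                # block comment
        | '(?:[^'\\]|\\.|'')*'     # single-quoted string
        | "(?:[^"\\]|\\.|"")*"     # double-quoted string
        | `[^`]*`                  # backtick-quoted identifier
      )
    | (?P<name>\b[A-Za-z_][A-Za-z0-9_$]*)(?=\s*\()
    """,
    re.VERBOSE | re.DOTALL,
)

def find_deprecated(sql):
    """Return (line, function, replacement) for each deprecated call in sql."""
    hits = []
    for m in TOKEN.finditer(sql):
        name = (m.group("name") or "").upper()
        if name in REPLACEMENTS:
            line = sql.count("\n", 0, m.start()) + 1
            hits.append((line, name, REPLACEMENTS[name]))
    return hits

# Constructed sample input (not taken from any real schema or application).
SAMPLE_SQL = """\
-- legacy: DES_ENCRYPT('x') used to be here
INSERT INTO t1 (c) VALUES (des_encrypt('card', 'k1'));
SELECT DES_DECRYPT(c, 'k1'), 'call ENCRYPT(x) later' FROM t1;
SELECT AES_ENCRYPT('data', 'k2'), ENCRYPT ('pw', 'ab');
"""

if __name__ == "__main__":
    for line, func, repl in find_deprecated(SAMPLE_SQL):
        print(f"line {line}: {func} is deprecated, use {repl}")
```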