| Encryption Method |
Algorithm/ KeySize |
Length, bytes |
Time for 1,000 Rows, secs. |
| Plaintext |
Cyphertext |
Encryption |
Decryption |
| HashBytes |
SHA-1* |
20 |
20 |
0.017 |
N/A |
| HashBytes |
MD-5 |
20 |
16 |
0.022 |
N/A |
| HashBytes |
MD-2 |
20 |
16 |
0.062 |
N/A |
| PassPhrase |
23-byte pwd* |
16 |
40 |
1.109 |
1.203 |
| PassPhrase |
46-byte pwd |
16 |
40 |
1.109 |
1.109 |
| Certificate |
DBMaster* |
16 |
128 |
2.484 |
24.421 |
| Symmetric Key |
Triple-DES* |
16 |
56 |
1.125 |
1.125 |
| Symmetric Key |
AES-128 |
16 |
64 |
1.125 |
1.125 |
| Symmetric Key |
AES-256 |
16 |
64 |
1.141 |
1.125 |
| Asymmetric Key |
RSA-2048* |
16 |
256 |
3.062 |
101.144 |
| Asymmetric Key |
RSA-1024 |
16 |
128 |
2.406 |
22.952 |
| Asymmetric Key |
RSA-512 |
16 |
64 |
2.234 |
11.640 |
Table 1 Select Encryption Algorithms for Security and Performance
This table reports encryption and decryption time in seconds for 1,000 rows of 16-digit credit card numbers as a function of the encryption method and algorithm and, where applicable, the PassPhrase or key length. Tests were run with the SQL Server 2005 shared memory provider on a 2.6-MHz Pentium 4 PC with 1 GB of RAM. One-way hash indexes created with the HashBytes function are the fastest encryption method, but they don't provide data decryption. Two-way encryption with certificates or asymmetric keys is the slowest method and isn't recommended for processing large amounts of data. Symmetric encryption, which SQL Server uses for service and database master keys, delivers the best compromise of data security, resource consumption, and performance. Encryption algorithms and key sizes marked with an asterisk (*) are the defaults.
|