
Best encryption for large amounts of data (speed is essential)?

I'm relatively new to C# and encryption so please bear with me. I'm working on a business application (in C#, .NET 4.0, VS 2010) that stores quite a lot of data and it must also be capable of reading quite large amounts of data and filtering it in order to display it (mostly in datagridview, sometimes just some calculations...). Anyway, data needs to be encrypted and it must be possible to encrypt and decrypt only parts of data files (in order to write & read from random positions). Speed is essential (the user should not wait for data to load & display), security comes second. The computer on which this will run will be at least dual core 2.0+ GHz with at least 2GB RAM.

I thought about using a relatively large (around 1MB) xor pad which will be calculated at runtime. I think that a custom file design in binary combined with xor should provide relatively good security and speed. But now I started thinking about using something stronger, if it is still fast enough, maybe AES (probably .NET implementations: Rijndael or Serpent or Twofish). So what do you think is best? What do other companies / developers usually use in such cases? How fast / slow is AES? I/O operations are already very slow and I don't know if AES will make things even worse or it maybe won't be even noticed.

Or do you maybe have some other ideas about how to encrypt data fast enough?

p.s. I know that if someone successfully(!) debugs or disassembles the code he can decrypt the data.

EDIT: I'm only developing a custom application for a customer, so I can't force them to have better hardware, I can recommend better hardware. My software will consist mainly of 3 parts, POS, server and some kind of a manager. If you think that my first idea (some kind of a xor) is useless and that I should use some better encryption please at least try to estimate what kind of hardware (minimum) would provide desired results ("fast enough" = decryption should not impact on data display, for instance if it takes 1s to load the data and display it in datagridview it shouldn't take more than 1,2-1,3s to do the same with decrypting).


security comes second

Do not decide for speed and against security. Try to have them both!

Encryption algorithms like Blowfish or Rijndael/AES are pretty performant (see). Definitely invest in better hardware! Your server setup isn't really state of the art. In fact my notebook has way more power than your server setup ;)

Hardware is much cheaper than developer hours. Stick with standard and well approved encryption techniques! If your hardware is state of the art and you are still facing a bottleneck during encryption/decryption then it's time to wrack one's brain. Not before.

Just my 2 cents.

Update

Definitely recommend your customer to buy better hardware. I can't really give you an answer to "what hardware would be enough" because you didn't really specify which speed is acceptable for which amount of data encryption/decryption (this is just really hard to answer because it depends on so many factors). I would recommend you (or your company) to rent hardware to do performance tests with standard encryption techniques. Once you find an appropriate hardware setup with a good performance for their needs, provide these performance measurements to your customer.


First of all you should investigate if the overhead given by popular algorithms really will be a problem at all. The implementations of the algorithms in .NET are fast and you should expect to be able to process 50 - 400 MB/s of raw data (naturally a very rough figure... smile). If your data-source is SQL queries (which it oftentimes is) you normally have a data source providing data at much lower rates, thus limiting the performance implication of encryption/decryption.

For details on performance you have to try it out in your application.

I would buy some better hardware and instead focus on key management and other tricky issues - otherwise encryption may be skipped altogether if the setup is too easy to break.


A 2.0 GHz Core2 PC should be able to encrypt or decrypt data with AES at a rate of more than 120 MB/s (one hundred and twenty megabytes per second), using the implementation in OpenSSL, with a single core. That's faster than a modern hard disk or a Gigabit Ethernet link.

Security-wise, your idea of a reusable "xor pad" is pure junk. Do not do that.
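
One way to get the random-access reads and writes the question asks for with standard AES rather than a reusable XOR pad, as an added example that is not code from the question or from any of the answers. The class name `ChunkStore`, the 4096-byte chunk size, the slot layout and the two separate 32-byte keys are assumptions made for illustration; it uses only `System.Security.Cryptography` types available in .NET 4.0.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;

// Slot on disk: [IV 16][AES-CBC ciphertext 4096][HMAC-SHA256 tag 32]; chunk i starts at i * Slot.
public sealed class ChunkStore
{
    const int Chunk = 4096, IvLen = 16, TagLen = 32, Slot = IvLen + Chunk + TagLen;
    static readonly RandomNumberGenerator Rng = RandomNumberGenerator.Create();
    readonly byte[] encKey, macKey; // assumption: two independent 32-byte keys
    public ChunkStore(byte[] encKey, byte[] macKey) { this.encKey = encKey; this.macKey = macKey; }
    static Aes NewAes() { var a = Aes.Create(); a.Mode = CipherMode.CBC; a.Padding = PaddingMode.None; return a; }
    byte[] Tag(long index, byte[] slot) // MAC binds chunk index, IV and ciphertext
    {
        using (var h = new HMACSHA256(macKey))
        {
            h.TransformBlock(BitConverter.GetBytes(index), 0, 8, null, 0);
            h.TransformFinalBlock(slot, 0, IvLen + Chunk);
            return h.Hash;
        }
    }
    public void Write(Stream file, long index, byte[] plain)
    {
        if (plain.Length != Chunk) throw new ArgumentException("chunk must be exactly 4096 bytes");
        byte[] slot = new byte[Slot], iv = new byte[IvLen];
        Rng.GetBytes(iv); // fresh random IV on every write, including rewrites of the same chunk
        Buffer.BlockCopy(iv, 0, slot, 0, IvLen);
        using (var aes = NewAes())
        using (var enc = aes.CreateEncryptor(encKey, iv))
            Buffer.BlockCopy(enc.TransformFinalBlock(plain, 0, Chunk), 0, slot, IvLen, Chunk);
        Buffer.BlockCopy(Tag(index, slot), 0, slot, IvLen + Chunk, TagLen);
        file.Position = index * Slot;
        file.Write(slot, 0, Slot);
    }
    public byte[] Read(Stream file, long index)
    {
        byte[] slot = new byte[Slot], iv = new byte[IvLen];
        file.Position = index * Slot;
        for (int n = 0, r = 0; n < Slot; n += r)
            if ((r = file.Read(slot, n, Slot - n)) == 0) throw new EndOfStreamException();
        byte[] tag = Tag(index, slot); // verify before decrypting
        int diff = 0;                  // compare tags without an early exit
        for (int i = 0; i < TagLen; i++) diff |= tag[i] ^ slot[IvLen + Chunk + i];
        if (diff != 0) throw new CryptographicException("chunk failed authentication");
        Buffer.BlockCopy(slot, 0, iv, 0, IvLen);
        using (var aes = NewAes())
        using (var dec = aes.CreateDecryptor(encKey, iv))
            return dec.TransformFinalBlock(slot, IvLen, Chunk);
    }
}
```

Each read or write touches exactly one 4144-byte slot, so the cost of displaying a filtered view scales with the chunks actually read. Key storage is out of scope here, and replacing a chunk with an older valid copy of the same chunk is not detected.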


Perhaps this article can help you.

Also, you need to define fast enough... make it measurable since it's a relative term.
