Darn My Amnesia! I Forgot my Password.
What happens when you insert your data in encrypted form and then forget the password you used for encryption? In short, you are out of luck: without the password, the data cannot be recovered. However, DB2 provides a built-in safeguard for recalling your password. For example, you can supply a password hint during encryption. The password hint is a phrase that will jog the data owner's memory. A password hint can be anywhere from 0 to 32 bytes long.
If, for example, you want to associate the password hint "alma mater mascot" with the password "longhorn", you would specify the hint at insertion time:
insert into accounts values ( encrypt('1234567890123456', 'longhorn',
'alma mater mascot'), 'Kulvir', 'Bhogal')
To retrieve the hint, you can issue the following statement:
select GETHINT(accountnum) from accounts where firstname='Kulvir'
An application can also retrieve the hint programmatically and display it so the user can recall the correct password. Note that GETHINT requires no password, so anyone who can read the column can read the hint; choose a hint that jogs the owner's memory without giving the password away.
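The complete round trip, as an added example that is not code from the original article: the table definition, the second row, the session password and the column width are constructed for illustration; ENCRYPT, DECRYPT_CHAR, GETHINT and SET ENCRYPTION PASSWORD are the DB2 built-ins the article discusses.

```sql
-- Constructed example table: the encrypted column is VARCHAR ... FOR BIT DATA,
-- sized wider than the DB2 Information Center rule requires for a 16-byte
-- account number plus its ciphertext overhead and a 32-byte hint.
CREATE TABLE accounts (
  accountnum VARCHAR(64) FOR BIT DATA,
  firstname  VARCHAR(30),
  lastname   VARCHAR(30)
);

-- Row 1: password and hint supplied explicitly to ENCRYPT.
INSERT INTO accounts VALUES (
  ENCRYPT('1234567890123456', 'longhorn', 'alma mater mascot'),
  'Kulvir', 'Bhogal');

-- Row 2: password taken from the session default; no hint is stored.
SET ENCRYPTION PASSWORD = 'bluebonnet';
INSERT INTO accounts VALUES (
  ENCRYPT('6543210987654321'),
  'Ana', 'Perez');

-- GETHINT needs no password: anyone with SELECT on the column can read the
-- hint, so it must jog memory without revealing the password.
-- Returns 'alma mater mascot' for Kulvir and NULL for Ana (no hint stored).
SELECT firstname, GETHINT(accountnum) AS hint FROM accounts;

-- Decrypt row 1 with the explicit password ...
SELECT DECRYPT_CHAR(accountnum, 'longhorn') AS accountnum
  FROM accounts WHERE firstname = 'Kulvir';

-- ... and row 2 with the session password set above.
SELECT DECRYPT_CHAR(accountnum) AS accountnum
  FROM accounts WHERE firstname = 'Ana';

-- A wrong password does not yield garbage plaintext: DB2 rejects the
-- statement with an error because the password does not match.
SELECT DECRYPT_CHAR(accountnum, 'wrong-guess')
  FROM accounts WHERE firstname = 'Kulvir';
```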
What's Under the Hood?
DB2 uses the RC2 block cipher with padding. Because the encryption key is derived from the password you supply, the protection is only as strong as that password. You can learn more about the algorithm at RSA Security's site, which also offers an excellent primer on cryptography in general.
Performance Impact and Size Considerations
In terms of system performance, encryption and the subsequent decryption do not come for free: each operation takes time. Consequently, you should benchmark your application to get an accurate measurement of just how much of an impact encryption has on your database setup.
You also need to account for the size impact of encryption when you define the width of your columns. The rules for encrypted column lengths differ depending on whether the data you are encrypting carries a hint or not. Table 1 presents the rules of thumb as defined by the DB2 Information Center.
Protect Sensitive Data with DB2
In this 10-Minute Solution, you learned how to use the DB2 built-in functions for encryption and decryption of data. Security hacks are a nightmarish reality with which enterprises must deal. The data encryption features offered by DB2 are weapons that you can use to protect your customers' and your own sensitive data.