Deprecating Weaker Encryption Functions

A Quick Security Update

Starting with MySQL 5.7.6, the following functions are now deprecated:

DES (Data Encryption Standard) is known to be less secure and slower than other available encryption methods. There are also many well-known attack methods that can be used against it.

AES (Advanced Encryption Standard) was the chosen successor to DES. It provides better security and performance, making the older DES-based functions obsolete. MySQL provides the following AES functions:

When using the AES functions, you can also use the block_encryption_mode session variable to configure the following AES parameters:

  • Block encryption mode
  • Key size
  • Initialization vector

We recommend that users stop using the deprecated DES-based functions and switch to the AES functions as soon as possible.
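One way to carry out that switch for data already stored with DES_ENCRYPT(), shown as an added example that is not code from the original post. It assumes a 5.7 server where the deprecated functions are still available; the table, column and key names are hypothetical and the rows are constructed.

```sql
-- The server default mode is aes-128-ecb, which ignores the IV argument.
-- Select CBC with a 256-bit key for this session before calling the AES functions.
SET SESSION block_encryption_mode = 'aes-256-cbc';

-- Constructed keys for the demo; real keys come from the application or a key store.
SET @des_key = 'legacy des key string';
SET @aes_key = RANDOM_BYTES(32);

CREATE TABLE account_secret (
  id         INT PRIMARY KEY,
  secret_des VARBINARY(255) NULL,  -- legacy DES_ENCRYPT() output
  secret_iv  VARBINARY(16)  NULL,  -- per-row initialization vector
  secret_aes VARBINARY(255) NULL   -- AES_ENCRYPT() output
);

-- Constructed legacy rows.
INSERT INTO account_secret (id, secret_des) VALUES
  (1, DES_ENCRYPT('constructed secret one', @des_key)),
  (2, DES_ENCRYPT('constructed secret two', @des_key));

-- Re-encrypt in place. Single-table UPDATE assignments are evaluated left to
-- right, so secret_iv already holds the fresh random value when AES_ENCRYPT() runs.
UPDATE account_secret
SET secret_iv  = RANDOM_BYTES(16),
    secret_aes = AES_ENCRYPT(DES_DECRYPT(secret_des, @des_key), @aes_key, secret_iv)
WHERE secret_des IS NOT NULL;

-- Verify before dropping anything: every row must decrypt to the same plaintext
-- under both schemes, and no two rows may share an IV.
SELECT COUNT(*) AS total_rows,
       SUM(AES_DECRYPT(secret_aes, @aes_key, secret_iv)
           = DES_DECRYPT(secret_des, @des_key)) AS rows_matching,
       COUNT(DISTINCT secret_iv) AS distinct_ivs
FROM account_secret;

-- Only once total_rows = rows_matching = distinct_ivs: remove the DES ciphertext.
ALTER TABLE account_secret DROP COLUMN secret_des;
```

CBC mode provides confidentiality only, so an application that needs tamper detection has to add its own integrity check on the stored ciphertext.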

If you have any questions or comments about these functions, please let us know! You can leave a comment here on the blog post or in a support ticket.

As always, THANK YOU for using MySQL!

One thought on “Deprecating Weaker Encryption Functions”

  1. The DES_ENCRYPT function doesn’t use DES but its successor Triple DES (3DES), which uses a 168 bit key (3 * 56 bit keys).
    If Oracle considers 3DES to be insecure, I wonder why it’s still supported as a valid cipher in TLSv1 (DES-CBC3-SHA).

    The weakness itself isn’t the block cipher but the implementation, which doesn’t provide any security:
    – If keys are stored in a file (des-key-file), the key file needs to be stored on the server (deposit the key on safe)
    – If no des key file is used, the 168 bit key is filled with \0 .
