Version: IDS 10

We have need to encrypt few columns of the database. One of the
options I looked at was encryption functions provided by informix.
But, when I asked some of the consultant they told us that Informix
has performance issues in using their encryption functions. They
recommend to NOT use informix's encryption function. I wanted to know
if this is the case, and if yes, then is it going to be improved in
next versions of IDS.

On Mon, 2007-07-30 at 22:33 +0000, mohitanchlia (AT) gmail (DOT) com wrote:
I haven't used column-level encryption myself yet, so please take the
following advice with a grain of salt.

*ANY* encryption mechanism will impact performance, because you're
asking the computer to do more work than it would do without encryption.
If you must encrypt, you have no choice about incurring this performance
hit. Your only choice is whether this performance hit is incurred on the
client(s) or on the server, if client and server are actually physically
different computers.

The advantage of doing encryption on the server is that the
functionality is built-in, and I would imagine that the smart guys over
in Lenexa are using state-of-the-art implementations of state-of-the-art
algorithms. I don't know if the same could be said for whatever you
choose to bolt on to the client side. (I can't help but wonder what your
consultant recommends instead.) The only advantage of doing the work
client-side is that the workload is distributed across multiple CPUs.

I suggest you actually run performance tests of no encryption versus
server-side encryption versus client-side encryption. *If* you can't get
satisfactory performance, *then* ask for speedup suggestions. Until
then, anything else is pure speculation and premature optimization.

Hope this helps,

--
Carsten Haese
http://informixdb.sourceforge.net