Skip to content

Get the most out of MSSQL !

Consultant & Trainer for all things MSSQL

  • Home
  • Company
  • Business Intelligence
  • Simply Better Business

Performance comparison between Plain text, Hashing and Cell level encryption

Posted on July 5, 2015March 20, 2021 by jayanth.kurup

In this blog post I am doing a quick comparison on the performance implications of using Cell level encryption vs Hashing vs storing the data as plain text with just column level permissions.

While it would be pretty obvious that encryption has significantly more overhead what I was interested in knowing was “by how much”. The question was mainly if the difference between cell level encryption performance and hashing performance is less would I prefer to use encryption. Obviously there are some disadvantages to using hashing such as commonly used passwords would generate the same has value which is circumvented by using a GUID key along with the hash ( this is the approach followed in this test).

The below diagram shows the numbers but let me explain the approach.

There is a table which contains 5 columns, username, password, hash-password, key and encrypted password against which I am randomly looking up username and passwords, all usernames and passwords are unique. The test was run at least 5 times (1000 iterations per run) for the below scenarios

  • Encryption with and without appropriate indexes
  • Hashing with and without appropriate indexes
  • Plain text password with and without appropriate indexes

Once indexes are in place you will notice that the difference in performance between Hashing and Encryption are significant but small, please keep in mind that I have used TRIPLE DES Encryption better algorithms will result in more time. You will notice that plain text and Encryption heavily rely on indexes to improve their performance while hashing doesn’t benefit as much with the index.

The below diagram shows the execution plan for encryption notice the “Filter” task being performed this is done because the encrypted password is not used as seek predicate in index seek operation and instead needs to be filtered later. This means that it’s better to have unique usernames (which is almost always the case) so that filter task just needs to deal with one row.

The below screen shot shows the execution plan for the hashing operation.

So in summary , I would prefer to use hashing for high performance/high concurrency but slightly less security critical databases. Infact the only reason I would use encryption would be to be complaint with some industry standard else Pricipal of least privilages and sound DB design should be good enough.

In case anybody is wondering what I mean by hashing here is the query

select username , [hashpassword] from testlogins
where username = @username and [hashpassword]=hashbytes('SHA1',@password+'878C5B0D-2D20-481D-8220-D1F864069BB3')

This is what I mean by encryption

A video explaining this blog in much more detail along with the tests in realtime.

 

Please Consider Subscribing

Subscribe

CategoriesDatabases, Performance TuningTagsadministration, advantage, age, AI, algorithm, Analysis Services, app, approach, appropriate index, AWS, Azure, Bangalore, benefit, Bengaluru, Better, BigData, blog post, BLR, Business Intelligence, bytes, CaL, case, cause, cell, cell level encryption, Cloud, code lang, column, comparison, complaint, Concurrency, Consultant, Consulting, Corporate, currency, Data, database, detail, development, diagram, difference, disadvantage, Enabled Business Solutions, enabledbusiness, enabledbusinesssolutions, encrypted password, Encryption, exe, exec, execution plan, expert, fact, form, group, hashpassword, head, index, indexes, India, Industry, industry standard, int, interest, iteration, Jayanth, key, Kurup, LAG, lease, level, light, load, login, Mary, mean, Migration, min, mind, ML, ms sql server, MSBI, MSSQL, MYSQL, name, need, network, notice, number, ol style, operation, Oracle, overhead, password, performance, performance implication, permission, place, plain text, plan, png, post, power pivot, Power Query, PowerApps, PowerBI, Powershell, pre, Python, Query, question, quick comparison, RAM, rate, RDBMS, reason, red, Remote, result, row, run, scenario, screen shot, sec, security, SELECT, show, shows, sign, solution, sql, SQL 2000, SQL 2005, SQL 2008, sql 2008 r2, sql 2012, SQL 2014, SQL 2016, SQL 2017, SQl 2019, SSAS, SSIS, SSMS, SSRS, standard, SUM, summary, T-SQL, tab, task, test, text, TITLE, tlog, tools, trainer, Transact, tsql, tuning, unique, Upgrade, uploads, Uri, user, username, value, Very large database, video, Virtual, virtual machine, visual studio, VM, windows, word, youtu, YouTube

jayanth.kurup

This post was written by Jayanth Kurup. A Microsoft SQL Server Consultant and Trainer based out of Bangalore, India. Jayanth has been working on MS SQL Server for over 15 years. He is a performance tuning and Business Intelligence expert. Having worked with companies like Microsoft, DELL, Wells Fargo, Thomson Reuters and many other fortune 100 companies. Some other technologies Jayanth works on include Microsoft Azure, PowerBI, Python and AWS. When he isn’t consulting or training, Jayanth like to travel, paint and read. He is also very active in social causes and the founder of Enabled Business Solutions. Visit his company by clicking the link in the menu or email him directly.

Post navigation

PreviousPrevious post: OStress.exe – use it if you aren’t already
NextNext post: The tempdb – why shrinking doesn’t always work

The Latest

  • Monty Hall Simulation using T-SQL April 5, 2022
  • Query to quickly profile a column February 7, 2022
  • Outlook 2019 keeps asking for password multiple times December 9, 2021
  • Part 2:- Learning T SQL for beginners – Datatypes September 28, 2021
  • Part 1:- Learning T SQL for beginners- SQL, Tables and Nulls September 27, 2021
  • Query to find execution time of Jobs July 28, 2021
  • A simple script to decapitalize Column names July 19, 2021
  • My personal side effects with Covishield June 27, 2021
  • Setting up and Configuring CUDA, CUDNN and PYTorch for Python Machine Learning. June 3, 2021
  • keras.utils.generic_utils’ has no attribute ‘populate_dict_with_module_objects May 30, 2021

Find By Category

  • Azure
  • Databases
  • Events
  • Performance Tuning
  • PowerBI
  • Uncategorized
  • Website Design

Archive

  • April 2022 (1)
  • February 2022 (1)
  • December 2021 (1)
  • September 2021 (2)
  • July 2021 (2)
  • June 2021 (2)
  • May 2021 (2)
  • April 2021 (5)
  • March 2021 (10)
  • January 2021 (2)
  • November 2020 (2)
  • October 2020 (3)
  • September 2020 (4)
  • August 2020 (6)
  • July 2020 (1)
  • June 2020 (32)
  • May 2020 (18)
  • April 2020 (2)
  • March 2020 (4)
  • February 2020 (5)
  • January 2020 (1)
  • December 2019 (1)
  • November 2019 (14)
  • October 2019 (3)
  • September 2019 (1)
  • July 2019 (3)
  • June 2019 (2)
  • May 2019 (1)
  • April 2019 (2)
  • March 2019 (1)
  • January 2019 (4)
  • December 2018 (2)
  • November 2018 (4)
  • September 2018 (6)
  • August 2018 (2)
  • July 2018 (3)
  • June 2018 (4)
  • May 2018 (1)
  • April 2018 (4)
  • March 2018 (3)
  • February 2018 (3)
  • January 2018 (1)
  • December 2017 (2)
  • November 2017 (4)
  • August 2017 (2)
  • July 2017 (5)
  • May 2017 (1)
  • March 2017 (3)
  • January 2017 (3)
  • December 2016 (2)
  • November 2016 (2)
  • October 2016 (4)
  • September 2016 (1)
  • August 2016 (1)
  • July 2016 (1)
  • June 2016 (1)
  • May 2016 (2)
  • April 2016 (1)
  • March 2016 (14)
  • February 2016 (10)
  • January 2016 (19)
  • December 2015 (3)
  • November 2015 (5)
  • October 2015 (10)
  • September 2015 (9)
  • August 2015 (16)
  • July 2015 (13)
  • June 2015 (4)
  • May 2015 (2)
  • April 2015 (2)
  • March 2015 (7)
  • February 2015 (3)
  • January 2015 (22)
  • December 2014 (1)
  • November 2014 (5)
  • October 2014 (12)
  • September 2014 (5)
  • August 2014 (7)
  • July 2014 (41)
  • June 2014 (9)
  • May 2014 (12)
  • April 2014 (32)

Members Only

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org
Proudly powered by WordPress