1

In my web application, we encrypt the query parameters using PBEWithMD5AndDES and then encode it using sun.misc.BASE64Encoder().encode(). It makes the length of whole URL more than 140 characters. Is there a way without changing encryption & encoding , I can reduce the length to around 80 characters? If I have to change the encryption algorithm and encoding to reduce the length, what should I be using keeping security in mind?

yogsma
  • 10,142
  • 31
  • 97
  • 154
  • I guess one will be able to help you better if you let us know which encryption algorithm you are using. – Vikas V Dec 10 '13 at 06:38
  • You could count output length after base64 encoding like new length nearly equal to old length * 1.33. To reduce output length you should try algos with bigger alphabet (like base85). – mkrakhin Dec 10 '13 at 06:41

2 Answers2

2

Base64 encoding has its known overhead, and encryption also has an overhead - switching to a different encoding algorithm may reduce the overhead and so might the encryption algorithm - but I see no sure bets here - you might reduce it to be 139 characters for your current data set, but any additional data requirements might again repeat the problem.

I see two options:

  1. Compress the data before you encrypt it -
    Pros: Relatively easy to develop.
    Cons: May effect performance, might not reduce the size sufficiently.
  2. Use POST and pass the parameter in the response body instead of as a query parameter.
    Pros: Encrypted data is not logged on server logs (security), size is "unlimited" Cons: Might require significantly more development time, might not be possible in your environment altogether (external requirements, technology issues etc.)

I would go for option #2 given the chance.

RonK
  • 9,472
  • 8
  • 51
  • 87
  • Thanks. Option 2 is not something I can go at the moment. I will try the first one if I can do it quickly. How do I compress the query parameters? – yogsma Dec 10 '13 at 07:00
  • Check out this SO answer: http://stackoverflow.com/a/5934620/357360 Also - here is another example which is more Strings related: http://www.coderanch.com/t/374637/java/java/Compressing-Decompressing-strings-Java – RonK Dec 10 '13 at 07:31
  • Thanks, I tried those things, but sometimes it reduces the length and sometimes it increases the length. Very fluctuating. – yogsma Dec 10 '13 at 17:31
  • So sending the value in the response/request body via POST is your only resort. – RonK Dec 10 '13 at 22:14
  • Another option would be to split the value into two query parameters-but passing it in the body is much better - what is the reason you are avoiding it? – RonK Dec 10 '13 at 22:15
  • The reason I am avoiding it, it will make me rewrite whole application. – yogsma Dec 10 '13 at 22:31
1

Only you can reduce the length of name of query parameter. If you will try for for any type of encoding it will increase length of query.

So I will suggest use form submission rather then query based submission. Or please post your complete scenario which will show that in which conditions you want to submit your data.

Rahul Sahu
  • 274
  • 1
  • 4
  • 15