Is it worth encrypting email addresses in the database?

Question

I\'m already using salted hashing to store passwords in my database, which means that I should be immune to rainbow table attacks.

I had a thought, though: what if s

Answer 1

I would say it depends on the application of your database.

The biggest problem is, where do you store the encryption key? Because if the hacker has excess to anything more than your DB, all your efforts are probably wasted. (Remember, your application will need that encryption key to decrypt and encrypt so eventually the hacker will find the encryption key and used encryption scheme).

Pro:

• A leak of your DB only will not expose the e-mail addresses.

Cons:

• Encryption means performance loss.
• Allot of database actions will be harder if not impossible.