# Calculating storage requirements for encrypted data

The **LENGTH** function provides a convenient way to
calculate the storage requirements of encrypted data directly:

`EXECUTE FUNCTION LENGTH(ENCRYPT_TDES("1234567890123456", "simple password"));`

This
returns `55`.

```
EXECUTE FUNCTION LENGTH(ENCRYPT_TDES("1234567890123456", "simple password",
"12345678901234567890123456789012"));
```

This returns `107`.

`EXECUTE FUNCTION LENGTH(ENCRYPT_AES("1234567890123456", "simple password"));`

This
returns `67`.

```
EXECUTE FUNCTION LENGTH(ENCRYPT_AES("1234567890123456", "simple password",
"12345678901234567890123456789012"));
```

This returns `119`.

The required storage size for encrypted data is sensitive
to three factors:

- N, the number of bytes in the plain text
- whether or not a hint is provided
- which encryption function you use (
**ENCRYPT_TDES**or**ENCRYPT_TDES**)

- Encryption by
**ENCRYPT_TDES( )**with no hint:**Encrypted size**= (4 x ((8 x((N + 8)/8) + 10)/3) + 11) - Encryption by
**ENCRYPT_AES( )**with no hint:**Encrypted size**= (4 x ((16 x((N + 16)/16) + 10)/3) + 11) - Encryption by
**ENCRYPT_TDES( )**with a hint:**Encrypted size**= (4 x ((8 x((N + 8)/8) + 50)/3) + 11) - Encryption by
**ENCRYPT_AES( )**with a hint:**Encrypted size**= (4 x ((16 x((N + 16)/16) + 50)/3) + 11)

Based on these formulae, the following table shows the
encrypted size (in bytes) for selected ranges of values of N:

N | ENCRYPT_TDES No Hint | ENCRYPT_AES No Hint | ENCRYPT_TDES With Hint | ENCRYPT_AES With Hint |
---|---|---|---|---|

1 to 7 | 35 | 43 | 87 | 99 |

8 to 15 | 43 | 43 | 99 | 99 |

16 to 23 | 55 | 67 | 107 | 119 |

24 to 31 | 67 | 67 | 119 | 119 |

32 to 39 | 75 | 87 | 131 | 139 |

40 to 47 | 87 | 87 | 139 | 139 |

100 | 163 | 171 | 215 | 227 |

200 | 299 | 299 | 355 | 355 |

500 | 695 | 707 | 747 | 759 |

If the column size is smaller than the data size returned by encryption functions, the encrypted value is truncated when it is inserted. In this case, it will not be possible to decrypt the data, because the header will indicate that the length should be longer than the data value that the column contains.

These formulae and the values returned by the **LENGTH** function,
however, indicate that the table schema in the next example can store
the encrypted form of 16-digit credit card numbers (with a hint).