[17405] in cryptography@c2.net mail archive
Re: encrypted tapes (was Re: Papers about "Algorithm hiding" ?)
daemon@ATHENA.MIT.EDU (Adam Shostack)
Wed Jun 8 21:18:07 2005
X-Original-To: cryptography@metzdowd.com
Date: Wed, 8 Jun 2005 15:22:37 -0400
From: Adam Shostack <adam@homeport.org>
To: astiglic@okiok.com
Cc: Ken Buchanan <K.Buchanan@Kastenchase.com>,
cryptography@metzdowd.com
In-Reply-To: <14898.207.236.193.195.1118252025.squirrel@mail.okiok.com>
On Wed, Jun 08, 2005 at 01:33:45PM -0400, astiglic@okiok.com wrote:
|
| "Ken Buchanan wrote:"
| > There are a number of small companies making products that can encrypt
| > data in a storage infrastructure, including tape backups (full disclosure:
| > I work for one of those companies). The solutions all involve appliances
| > priced in the tens of thousands. The costs come not from encryption (how
| > much does an FPGA cost these days?), but from solving the problems you
| > listed, plus some others you didn't.
| >
| > Now that the benefit of storage encryption is clearer, tape vendors
| > (StorageTek, HP, IBM, etc) are almost certainly looking at adding
| > encryption capability into their offerings.
|
| Another area where I predict vendors will (should) offer built-in
| solutions is with database encryption. A lot of laws require need-to-know
| based access control, and with DBAs being able to see all entries, that is
| a problem. Also backups of db data can be a risk.
| Oracle, for example, provides encryption functions, but the real problem
| is the key handling (how to make sure the DBA can't get the key, cannot
| call functions that decrypt the data, key not copied with the backup,
| etc.).
| There are several solutions for the key management, but the vendors should
| start offering them.

I would argue that the real problem is that encryption slows large
searches (is perceived to slow large searches, anyway).

Adam
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com