[17448] in cryptography@c2.net mail archive
Re: encrypted tapes (was Re: Papers about "Algorithm hiding" ?)
daemon@ATHENA.MIT.EDU (astiglic@okiok.com)
Thu Jun 9 18:33:34 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <42A7BF1E.20507@algroup.co.uk>
Date: Thu, 9 Jun 2005 17:00:28 -0400 (EDT)
From: astiglic@okiok.com
To: "Ben Laurie" <ben@algroup.co.uk>
Cc: "Adam Shostack" <adam@homeport.org>,
"Ken Buchanan" <k.buchanan@kastenchase.com>,
cryptography@metzdowd.com
> astiglic@okiok.com wrote:
>>>| Oracle, for example, provides encryption functions, but the real
>>> problem
>>>| is the key handling (how to make sure the DBA can't get the key,
>>> cannot
>>>| call functions that decrypt the data, key not copied with the backup,
>>>| etc.).
>>>| There are several solutions for the key management, but the vendors
>>>should
>>>| start offering them.
>>>
>>>I would argue that the real problem is that encryption slows large
>>>searches (is percieved to slow large searches, anyway.)
>>>
>>>Adam
>>
>>
>> Yes, encrypting indexed columns for example is a problem. But if you
>> limit yourself to encrypting sensitive information (I'm talking about
>> stuff like SIN, bank account numbers, data that serves as an index to
>> external databases and are sensitive with respect to identity theft),
>> these sensitive information should not be the bases of searches.
>> If they are not he basis of searches, there will be no performance
>> problems related to encrypting them.
>
> If they are indexes to external databases, then they are the basis of
> searches in those databases, by definition.
My terminology might have been misleading. By "indexes to external
databases", I don't mean that the application that uses the database
actually talks to the external databases (it doesn't use the info as a key
to that external database)
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
