Database Encryption

[john.h.hoyt at gmail.com (John Hoyt)]

Thanks everyone for their input so far.

The requirement is being defined, but I think that the need would be to
encrypt specific fields/columns within the rows/records.  Not specific
records.

For example, encrypt the SSN field, but not the first name or last name.

The kicker is that the application needs to be able to decrypt those fields
and do comparisons and then encrypt them again on the fly.

According to what I've heard from Oracle so far on this they can do it.

We have not tested that theory yet though.

John

On Thu, May 27, 2010 at 2:43 AM, Robert Wahl <netlacky at gmail.com> wrote:

> There are a couple of interesting players in the place... Safenet, voltage,
> etc..
>
> I've had some experience doing transparent data encryption (not Oracle TDE)
> of columns... but you are looking to encrypt specific records?
>
> Message: 2
> Date: Tue, 25 May 2010 10:22:09 -0400
> From: John Hoyt <john.h.hoyt at gmail.com>
> Subject: [Pauldotcom] Database Encryption
> To: PaulDotCom Security Weekly Mailing List
>        <pauldotcom at mail.pauldotcom.com>
> Message-ID:
>        <AANLkTil7EvEdrwckxwMzeK3j2oPpRxsJVPr6pVq-Rk8x at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
>
> Does anyone have experience with database (row/record) encryption?  I'm
> looking at Oracle TDE and other competitor solutions.
>
> Some of the main points I'm interested in are:
>
>
>   - Performance
>   - Key management
>   - Backups
>   - Comparison against full-disk encryption
>
>
> Thanks for any help,
> John
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20100527/25a53ce1/attachment.htm