Firewall Wizards mailing list archives

Re: Database Encryption


From: Rick Smith <rick_smith () securecomputing com>
Date: Tue, 11 Apr 2000 11:13:46 -0500

At 11:17 AM 04/03/2000 -0500, Scott, Richard wrote:
> Greetings all,
>
> After doing some research, it seems that there are a lot of commerce sites
> hosting plain text data in their databases held in the DMZ.  I recall that there
> are a few companies planning to release "network cards" to allow on the fly
> encryption for database content?  Does anyone have any more information?

The network encryption cards only encrypt network traffic -- they don't
encrypt data sitting on a hard drive.

Database encryption is one of those great ideas that always fails in the
harsh light of real world performance requirements. Database fanatics place
the highest value on performance, since the database's utility is defined
by what kinds of transactions you can actually finish in a reasonable
amount of time.

Encryption is slow, and initial key setup is generally the slowest part of
the process. For database encryption to make sense, you'd have to encrypt
different data items differently. Thus, a "simple" database search would
probably require a separate "pick key" and "encrypt" operation for each
record. Hardware acceleration would speed up the encryption, but the
database owner would probably prefer to spend the hardware money on other
aspects of the database system.

Rick.
smith () securecomputing com    roseville, minnesota


