Firewall Wizards mailing list archives
Re: Database Encryption
From: Rick Smith <rick_smith () securecomputing com>
Date: Tue, 11 Apr 2000 11:13:46 -0500
At 11:17 AM 04/03/2000 -0500, Scott, Richard wrote:
> Greetings all,
> After doing some research, it seems that there are a lot of commerce sites hosting plain text data in their databases held in DMZ. I recall that there are a few companies planning to release "network cards" to allow on the fly encryption for database content? Does anyone have any more information?
The network encryption cards only encrypt network traffic -- they don't encrypt data sitting on a hard drive.

Database encryption is one of those great ideas that always fails in the harsh light of real world performance requirements. Database fanatics place the highest value on performance, since the database's utility is defined by what kinds of transactions you can actually finish in a reasonable amount of time.

Encryption is slow, and initial key setup is generally the slowest part of the process. For database encryption to make sense, you'd have to encrypt different data items differently. Thus, a "simple" database search would probably require a separate "pick key" and "encrypt" operation for each record. Hardware acceleration would speed up the encryption, but the database owner would probably prefer to spend the hardware money on other aspects of the database system.

Rick.
smith () securecomputing com
roseville, minnesota
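Added example, not part of the original message or of any product discussed in it: a small cost model of the per-record "pick key" plus cipher operation the reply describes, counting how many of each an equality search needs. The key derivation (HMAC-SHA256 over a record label), the HMAC keystream used as a stand-in cipher so the code runs with the standard library only, and all names and sample values are assumptions; it models cost and is not a storage design.

```python
import hashlib
import hmac

MASTER_KEY = bytes(range(32))  # constructed demo key, not a real secret

class Counter:
    """Tallies the two per-record costs named in the message."""
    def __init__(self):
        self.key_setups = 0
        self.cipher_ops = 0

def pick_key(record_id, column, stats):
    """Derive a distinct key per data item (the "pick key" step)."""
    stats.key_setups += 1
    label = f"{column}:{record_id}".encode()
    return hmac.new(MASTER_KEY, label, hashlib.sha256).digest()

def keystream_xor(key, data, stats):
    """Stand-in cipher: XOR with an HMAC-SHA256 counter keystream.
    XOR is symmetric, so the same call encrypts and decrypts."""
    stats.cipher_ops += 1
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hmac.new(key, offset.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def build_table(rows, stats):
    """Store each value encrypted under its own per-record key."""
    return {rid: keystream_xor(pick_key(rid, "card", stats), val.encode(), stats)
            for rid, val in rows.items()}

def search(table, wanted, stats):
    """Equality search: no index helps, so every row costs one key
    setup and one cipher operation before it can be compared."""
    hits = []
    for rid, blob in table.items():
        plain = keystream_xor(pick_key(rid, "card", stats), blob, stats)
        if hmac.compare_digest(plain, wanted.encode()):
            hits.append(rid)
    return hits

# Constructed sample rows (well-known test card numbers).
ROWS = {1: "4111111111111111", 2: "5500000000000004", 3: "340000000000009"}

def demo():
    load, query = Counter(), Counter()
    table = build_table(ROWS, load)
    hits = search(table, "5500000000000004", query)
    return hits, query.key_setups, query.cipher_ops

if __name__ == "__main__":
    print(demo())
```

Both counters grow linearly with the number of rows scanned, which is the cost the reply points to.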
Current thread:
- Database Encryption Scott, Richard (Apr 10)
- Re: Database Encryption Bill Pennington (Apr 17)
- <Possible follow-ups>
- Re: Database Encryption Rick Smith (Apr 17)