WebApp Sec mailing list archives

Re: Securing encrypted data in RAM vs MSSQL


From: Ivan Krstic <krstic () fas harvard edu>
Date: Wed, 07 Jul 2004 02:06:52 +0100

Lucas Holt wrote:
> [...] When the power goes out, you lose the data if it's in ram. [...]

Yes and no, depending on how much you want to nitpick. See Gutmann's classic "Secure Deletion of Data from Magnetic and Solid-State Memory" [1] for a thorough treatment. Also good are sections 9.3.1-9.3.4 in Ferguson, Schneier, "Practical Cryptography" (Indianapolis, Wiley Publishing, 2003).

Usually, this is of no concern, but if one's dealing with particularly sensitive information, it becomes vital to keep in mind that memory is *not* safe. If one really insists on keeping very important things (keys, etc.) in memory safely, the only solution I'm aware of is the use of a Boojum, as mentioned by Ferguson, Schneier [2].

[1] http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
[2] Crescenzo, Ferguson, Impagliazzo, Jakobsson. "How to Forget a Secret". In Meinel, Tison, editors, STACS 99, vol. 1563 of "Lecture Notes in Computer Science", pp. 500-509. Springer Verlag, 1999.

Cheers,
Ivan.

