WebApp Sec mailing list archives

Re: Securing encrypted data in RAM vs MSSQL


From: George Capehart <gwc () acm org>
Date: Thu, 1 Jul 2004 17:06:08 -0400

On Wednesday 30 June 2004 20:51, Dave Andrews allegedly wrote:
> Hello All,
>
> Is anyone aware of a way to store encrypted sensitive data in RAM for
> access via a web application using ASP?  It would be posted in the
> same manner.
> Is storing in RAM preferable to using an encrypted database, in this
> case SQL 2000?
> Is there any way to securely delete or timeout the data after a
> certain period of time?
> If you discard the data are there potential problems with California
> SB 1386 and being able to track intrusions and possible data
> compromise?
>
> I'm not a developer, but want a better solution than what the
> developers and client have proposed.

Dave,

Answers to crypto questions are very seldom simple or short.  You've 
asked some pretty open-ended questions for which there are many 
answers.  Choosing from among them will be your real task.  Before you 
do, I would urge you to at least skim _Practical_Cryptography_ by Niels 
Ferguson and Bruce Schneier (ISBN 0-471-22357-3).  Doing crypto well is 
*very* hard.  This book should help provide you with a context from 
within which to evaluate the answers you get.

Best regards,

George Capehart
-- 
George W. Capehart

Key fingerprint:  3145 104D 9579 26DA DBC7  CDD0 9AE1 8C9C DD70 34EA

"With sufficient thrust, pigs fly just fine."  -- RFC 1925


