WebApp Sec mailing list archives
RE: Encrypted storage
From: <Glenn_Everhart () bankone com>
Date: Thu, 9 Sep 2004 11:29:01 -0400
If your database is all encrypted, you have transformed an access control problem for the original database into a key management problem. Specifically: what governs who may get at plaintext and how secure is it?

If your database is one you (or just maybe you and some very few people you REALLY REALLY trust) alone should access, encrypting the whole thing (or putting it on a cryptodisk, equivalently) is a very sensible solution. Make sure you have the key written out somewhere, preferably several times on different physical containers, and locked up securely so you can recover if you forget the key. Then go to it.

If you are sharing access, everything depends on the key sharing specifics. Encrypting all your stuff can be extremely high overhead. (My old cryptodisk code for pdp11, on a pdp11/70, would either have the machine encrypting/decrypting or letting it do useful other work: essentially it could not do both because the encrypt or decrypt operations took ~100% of the CPU.) Only use it when you are sure that the key management is handling your access control better than any other access control scheme. Much of the time, it will not.

It is good when the attack expected is someone who might have system privs coming in and trying to take the data off hours or from backups. IF the keys used are not kept online, you can make that attacker's life difficult.

Any time some mechanized process is going to decide when to decrypt encrypted data for you, and can do so without being supplied extra information, an attacker can analyze and duplicate what the machine process will do. Even if added information is needed, if the system has not been designed carefully enough, that information might be revealed, allowing the crypto to be broken. Remember the stories about FBI inserting key loggers on suspects' machines?

It can be simpler to block users from access to "raw" disks or containers and build a decent conventional access control system than trying to get key management right. I advise using crypto for access control only sparingly, when you have the time to really understand the key management issues.

Glenn Everhart

-----Original Message-----
From: Jeffrey Koniszewski [mailto:jkoniszewski () kronos com]
Sent: Wednesday, September 08, 2004 4:39 PM
To: webappsec () securityfocus com
Subject: Encrypted storage

I was wondering (because customers have asked me) whether anyone is configuring their database to store all information encrypted. Databases have this capability but the overhead can be so heavy that vendors don't recommend using it generically. Also, if most of the data is not sensitive it is a lot of work to protect small amounts of data.

Is anyone aware of someone using this capability? Under what circumstances? What's the performance hit? What other gotchas? How about encrypted communication to the DB from the app server?