[cryptography] Questions about crypto in Oracle TDE

Kevin W. Wall kevin.w.wall at gmail.com
Thu Nov 8 11:49:42 EST 2012


I'm hoping someone on this list can either provide details on how
Oracle's "Transparent Data Encryption" (TDE) works in their Oracle Database,
especially with Oracle 10g.

We have an application that is storing SSNs as cleartext which they are
finally getting read to store in an encrypted format using 128-bit AES. (I am
not sure if the SSNs are presently stored as NUMBER or VARCHAR2 though.)
The application also will *still* have a legitimate business need of doing
indexed searches via the *full* SSN.

Oracle TDE is being looked at as oneoption because it is thought to be
more or less transparent to application itself and its JDBC code. Also,
presumably it would simplify key change operations as well since the
development team wouldn't have to code for that.

The Oracle TDE documentation (here for 10g:
discusses the use of "salt" in section 3.2.4. Specifically, this documentation

    "Salt is a way to strengthen the security of encrypted data.
    It is a random string added to the data before it is encrypted,
    causing repetition of text in the clear to appear different when
    encryptee. Salt thus removes one method attackers use to steal data,
    namely, matching patterns of encrypted text."

Salting is the TDE default for encrypted columns (at least in 10g).  However,
this documentation goes on to say:

    "However, if you plan to index the encrypted column, you must
    use NO SALT."

Doing searches by full SSN over close to a 1M records is obviously going
to need indexing, so that implies that salting cannot be used for SSNs
(at least not w/out application changes, to say, search for a MAC of the
SSN instead of the SSN itself, or some other similar mechanism).

My confusion comes from trying to understand exactly what Oracle means
when they refer to "salt". Are they really discussing the use of
a random IV vs. a fixed IV? Or are the XOR'ing some random salt with
the encryption key in some cases and not in others or what?

For that matter, does anyone even know what cipher modes or padding
schemes they use with Oracle TDE in Oracle 10g? For all I know they
may be doing something like using ECB mode.

It's hard to ascertain the downside of using Oracle TDE if I don't know
any of these details so I'm hoping that someone on this list can
comment on it.

Blog: http://off-the-wall-security.blogspot.com/
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We *cause* accidents."        -- Nathaniel Borenstein

More information about the cryptography mailing list