[cryptography] Questions about crypto in Oracle TDE

Kevin W. Wall kevin.w.wall at gmail.com
Sun Nov 11 19:25:48 EST 2012


On Sun, Nov 11, 2012 at 4:19 PM, Jeffrey I Schiller <jis at qyv.net> wrote:
> This all sounds like another variation on "encrypting data at rest." It
> protects against threats related to acquisition (legally or not) of the
> media that the data is stored on.

[snip]

> At first I thought all of this of limited value. However upon closer
> thought, it actually provides some real value. In particular it makes
> the destruction of the data much simpler. Destroy the key and the data
> is effectively gone, without having to erase the actual media. So when I
> "delete" a virtual disk on GCE, all Google has to do is erase the
> corresponding encryption key to ensure that my data is really
> unrecoverable. Similarly, newer versions of the iPhone encrypt the
> phone's flash. The Wipe function now only has to wipe the key for the
> wipe to have effect. Prior to having this level of encryption, the whole
> flash had to be wiped, which takes time, time in which the thief can
> remove the battery to thwart the wipe.
>
> Although I am not familiar with this Oracle product, I suspect it offers
> the same feature. As long as the encryption keys are on separate media
> from the sensitive data, it can help avoid the compromise of the data
> via decommissioned disks or just disks being shipped to off-site storage
> (as disks do get lost in shipment).

If this is the only threat that Oracle TDE protects against, then I think
you would be better off just using hard drives that support FDE in the
hardware (ideally) or at least at the OS layer.  I guess that Oracle TDE
might be a performance win over FDE, but if this is the threat you are
trying to mitigate, I would also think that FDE would provide the
stronger defense.

-kevin
-- 
Blog: http://off-the-wall-security.blogspot.com/
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We *cause* accidents."        -- Nathaniel Borenstein
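The key-destruction property Jeffrey describes above (destroy the key and the ciphertext left on the media becomes useless, with no need to erase the media itself) is easy to see in code. What follows is an added example written for this page; it is not code from either poster and says nothing about how Oracle TDE itself is implemented. It models a toy "volume" whose data-encryption key (DEK) is stored only in wrapped form, under a key-encryption key (KEK) that the caller holds separately, standing in for a key store on other media. Shred() destroys the wrapped DEK and leaves the ciphertext untouched. The names Volume, NewVolume, Read, Shred and ErrShredded, and the sample plaintext, are all constructed for the illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

var ErrShredded = errors.New("volume key destroyed; data unrecoverable")

// Volume is a constructed stand-in for a disk or tablespace: ciphertext on the
// media plus a header holding the DEK wrapped under a KEK. The KEK is held by
// the caller (modelling a separate key store) and never touches the media.
type Volume struct {
	wrappedDEK []byte // nonce || AES-256-GCM(KEK, DEK)
	ciphertext []byte // nonce || AES-256-GCM(DEK, data)
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts plaintext under key, prepending a fresh random nonce.
func seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// open reverses seal; it fails on a wrong key or a modified ciphertext.
func open(key, sealed []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

// zero overwrites key material as soon as an operation no longer needs it.
func zero(b []byte) {
	for i := range b {
		b[i] = 0
	}
}

// NewVolume generates a random 256-bit DEK, encrypts data under it, and keeps
// the DEK only in its wrapped form.
func NewVolume(kek, data []byte) (*Volume, error) {
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil {
		return nil, err
	}
	defer zero(dek)
	ct, err := seal(dek, data)
	if err != nil {
		return nil, err
	}
	wrapped, err := seal(kek, dek)
	if err != nil {
		return nil, err
	}
	return &Volume{wrappedDEK: wrapped, ciphertext: ct}, nil
}

// Read unwraps the DEK with the KEK and decrypts the stored ciphertext.
func (v *Volume) Read(kek []byte) ([]byte, error) {
	if v.wrappedDEK == nil {
		return nil, ErrShredded
	}
	dek, err := open(kek, v.wrappedDEK)
	if err != nil {
		return nil, err
	}
	defer zero(dek)
	return open(dek, v.ciphertext)
}

// Shred is the fast wipe: destroy the wrapped DEK and nothing else. The
// ciphertext stays on the media, modelling a disk that cannot be erased in time.
func (v *Volume) Shred() {
	zero(v.wrappedDEK)
	v.wrappedDEK = nil
}

func main() {
	kek := make([]byte, 32) // constructed KEK; a real one lives in a key store or HSM
	rand.Read(kek)
	vol, _ := NewVolume(kek, []byte("cardholder data"))
	vol.Shred()
	_, err := vol.Read(kek)
	fmt.Println("read after shred:", err)
}
```

After Shred() the ciphertext bytes are byte-for-byte what they were, yet Read fails even with the correct KEK. The erasure is only as good as the conditions around it: every copy of the wrapped DEK must go (header backups and snapshots included), the unwrapped DEK must not linger in memory (hence zero()), and the KEK must really have been on separate media, which is the condition Jeffrey states and the point on which Kevin's comparison with FDE turns.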


