Re: best practices for encryption key managment??

From: <Jared.Still_at_radisys.com>
Date: Wed, 26 May 2004 12:11:55 -0700
Message-ID: <OFD9CFEC65.20C1004B-ON88256EA0.00691E7D-88256EA0.006975FE@radisys.com>

Larry,
And now you have discovered the crux of the problem with encryption.

Encypting data is relatively easy, managing it doesn't seem to be.

There was an article in recent issue of SELECT ( www.selectonline.org ) where the
author stored the key with the card number. Each card number had it's own key.

The purpose was to minimize the impact of someone getting hold of a key.

HTH Jared

oracle-l-bounce_at_freelists.org wrote on 05/26/2004 10:07:14 AM:

> We are using the dbms_obfuscation toolkit to encrypt sensitive data per
> VISA's requirements.
> Has anyone gone through the VISA audit before? They are not clear on
their
> expectations for encryption...
>
> I've found next to no info on key management - our plan is store the key
in
> the database and also in pvcs with access limited to the dba team.
>
> Any advice or experience to share would be appreciated...
>
> Thanks,
>
> Larry
> Larry Lane
> Senior Database Administrator
> EchoStar Satellite L.L.C
> 9601 South Meridian Blvd
> Englewood, CO 80112
>
> email: lawrence.lane_at_echostar.com
>

---

Please see the official ORACLE-L FAQ: http://www.orafaq.com

---

To unsubscribe send email to: oracle-l-request_at_freelists.org put 'unsubscribe' in the subject line.

--
Archives are at http://www.freelists.org/archives/oracle-l/
FAQ is at http://www.freelists.org/help/fom-serve/cache/1.html
-----------------------------------------------------------------

Received on Wed May 26 2004 - 14:09:05 CDT