
Re: Wallet file on host only during startup

From: GovindanK <gkatteri_at_fastmail.fm>
Date: Fri, 15 Dec 2006 14:28:08 -0800
Message-Id: <1166221688.25049.280708619@webmail.messagingengine.com>


Good reference. But even Tom Kyte's followup does not shed any light on how to keep the wallet on a different server.

In parallel, I found that the following, on using LDAP, might be of help: http://download-west.oracle.com/docs/cd/B19306_01/network.102/b14268/asowalet.htm#BABFJICD

Govindan

On Fri, 15 Dec 2006 22:31:14 +0100, "Alberto Dell'Era" <alberto.dellera_at_gmail.com> said:
> > Hi. Has anyone tried keeping the wallet file out of the box once the
> > database is started.
>
> I'm not an expert about TDE, but one week ago I investigated it and
> found this posting by Arup Nanda very informative:
>
> http://asktom.oracle.com/pls/ask/f?p=4950:8:::::F4950_P8_DISPLAYID:44742967463133#45591838845270
>
> basically, what I got is that keeping the wallet on the same box
> is perfectly safe, since a wallet without its password is perfectly
> useless to the attacker.
>
> Also, I would expect (stress on "expect", I'm making an educated guess)
> that the encryption algorithm used for the wallet is much stronger than
> the one used for the columns. Because, the columns have to be en/decrypted
> on line, so reasonably fast, while the wallet has to be decrypted only
> when the instance starts; a few seconds used to decrypt the wallet
> is perfectly acceptable, but definitely not acceptable for the columns.
>
> If my guess is correct, an attacker would be better off ignoring the
> stolen wallet altogether, and use his cryptanalysis skills directly
> on the datafiles - less resistance there.
>
> --
> Alberto Dell'Era
> "Per aspera ad astra"

--
http://www.freelists.org/webpage/oracle-l
Received on Fri Dec 15 2006 - 16:28:08 CST
