
Re: Protecting the encryption key from the DBA

From: Frank van Bortel <frank.van.bortel_at_gmail.com>
Date: Thu, 21 Jul 2005 18:08:32 +0200
Message-ID: <dbogu9$48c$1@news2.zwoll1.ov.home.nl>


Maxim Demenko wrote:

>
> Dump of memory from 0x0CC12C00 to 0x0CC14C00
> CC12C80 00000000 00000000 00000000 00000000 [................]
> Repeat 499 times
> CC14BC0 02012C00 3402C102 EDE7161B 5DA564F3 [.,.....4.....d.]]
> CC14BD0 6D1CEE34 2DF13D3E F6A88FE7 B18237AB [4..m>=.-.....7..]
>
> Decrypted:
>
> Dump of memory from 0x0CC12C00 to 0x0CC14C00
> CC12C80 00000000 00000000 00000000 00000000 [................]
> Repeat 498 times
> CC14BB0 00000000 02022C00 0502C102 6978614D [.....,......Maxi]
> CC14BC0 02002C6D 3402C102 EDE7161B 5DA564F3 [m,.....4.....d.]]
>
> The only one encrypted value was "Maxim". Also, as I understand it, TDE
> doesn't present encrypted data through SQL (decrypting on the fly), but
> encrypts it in the data files... Maybe not exactly the feature many
> people have expected, but I find it not so bad. And for encrypted
> representation via SQL we still have DBMS_CRYPT.
>

Your understanding of TDE is the same as mine. You only failed to show the correct blocks: in your encrypted part, you show the blocks from CC14BC0 onward, while the unencrypted part starts at CC14BB0.

I used grep -a on the datafile, expecting to find *no* match; I found a match, so I concluded no encryption had taken place.

-- 
Regards,
Frank van Bortel
Received on Thu Jul 21 2005 - 11:08:32 CDT
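
The datafile check described in the message above (grep -a for a known value), extended to report the block and byte offset of every hit so that "before" and "after" dumps can be compared at the same address. This is an added example, not part of the original post; the function names, the constructed sample files and the 512-byte demo block size are assumptions, and GNU grep is assumed for -b and -o.

```shell
#!/bin/sh
# Added example: locate a known plaintext marker inside a raw data file.

# plaintext_blocks FILE MARKER [BLOCK_SIZE]
# Prints "block=<n> offset=<byte>" for every occurrence of MARKER.
# Returns 0 if the marker is present (plaintext on disk), 1 if it is not.
plaintext_blocks() {
    pb_file=$1; pb_marker=$2; pb_bs=${3:-8192}
    # -a: read binary as text, -b -o: byte offset of each match,
    # -F: fixed string, so the marker is never treated as a regex.
    pb_hits=$(LC_ALL=C grep -a -b -o -F -e "$pb_marker" "$pb_file" | cut -d: -f1)
    [ -n "$pb_hits" ] || return 1
    for pb_off in $pb_hits; do
        echo "block=$((pb_off / pb_bs)) offset=$pb_off"
    done
}

# make_sample FILE [MARKER]
# Constructed test input: four 512-byte blocks of zeros. When MARKER is
# given it is written at byte 1200 (inside block 2); without it the file
# stands in for a data file in which the value is not readable.
make_sample() {
    dd if=/dev/zero of="$1" bs=512 count=4 2>/dev/null
    if [ -n "${2:-}" ]; then
        printf '%s' "$2" | dd of="$1" bs=1 seek=1200 conv=notrunc 2>/dev/null
    fi
}

demo() {
    demo_dir=$(mktemp -d)
    make_sample "$demo_dir/plain.dbf" Maxim
    make_sample "$demo_dir/other.dbf"
    for demo_f in "$demo_dir/plain.dbf" "$demo_dir/other.dbf"; do
        if demo_out=$(plaintext_blocks "$demo_f" Maxim 512); then
            echo "$demo_f: marker found ($demo_out)"
        else
            echo "$demo_f: marker not found"
        fi
    done
    rm -rf "$demo_dir"
}
demo
```

Against a real data file, pass the database block size as the third argument so the reported block numbers line up with a block dump.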
