
Re: Wallet file on host only during startup

From: Alberto Dell'Era <alberto.dellera_at_gmail.com>
Date: Fri, 15 Dec 2006 22:31:14 +0100
Message-ID: <4ef2fbf50612151331q5dea83d7u16d03d455e17fe89@mail.gmail.com>


> Hi, has anyone tried keeping the wallet file out of the box once the
> database is started?

I'm not an expert on TDE, but one week ago I investigated it and found this posting by Arup Nanda very informative:

http://asktom.oracle.com/pls/ask/f?p=4950:8:::::F4950_P8_DISPLAYID:44742967463133#45591838845270

Basically, what I got is that keeping the wallet on the same box is perfectly safe, since a wallet without its password is perfectly useless to the attacker.

Also, I would expect (stress on "expect", I'm making an educated guess) that the encryption algorithm used for the wallet is much stronger than the one used for the columns, because the columns have to be en/decrypted online, so reasonably fast, while the wallet has to be decrypted only when the instance starts; a few seconds used to decrypt the wallet is perfectly acceptable, but definitely not acceptable for the columns.

If my guess is correct, an attacker would be better off ignoring the stolen wallet altogether and using his cryptanalysis skills directly on the datafiles - less resistance there.

-- 
Alberto Dell'Era
"Per aspera ad astra"
--
http://www.freelists.org/webpage/oracle-l
Received on Fri Dec 15 2006 - 15:31:14 CST
