Laurentiu Cristofor's blog @microsoft.com
Current topics: Security, SQL Server, bing
New attack on AES-256
A new attack improves significantly on previous attacks against AES-256, see: http://schneier.com/crypto-gram-0908.html#8 . This doesn't mean that AES-256 is broken yet, but the surprising bit here is that AES-128 is not susceptible to this particular
A discussion of password authentication schemes
I have talked in the past about how passwords for SQL logins are protected in SQL Server (see this post). I would like to describe this scheme in a more generic way and compare it with the alternative of encrypting the passwords, because I have seen
Can encryption make you more vulnerable?
A recent article brings up this question and argues that encrypting data at rest can open the door to a new range of security and usability problems. Speaking only of the security aspects, I both agree and disagree, so I'd like to add a few comments on
SQL Server 2005: A note about the use of certificates
To avoid any confusion, this post is not about the use of certificates for securing the communication between a client machine and the server; instead, this refers to the use of certificates created via the CREATE CERTIFICATE DDL. I am prompted in writing
SQL Server 2008: Transparent data encryption feature - a quick overview
I have kept silent on this feature while it was being developed, but as it has now been publicly advertised in various ways (being mentioned here, here, here, and here, for example), I think it is probably time to write a bit about it. Given that
SQL Server 2005: About login password hashes
There seem to be a couple of misconceptions around the SQL Server handling of login passwords. Hopefully, by the end of this post, you will have a much clearer idea about what is going on under the covers. Note that this refers to the passwords of logins
SQL Server 2005 security presentations at PASS - Pre Conference
If you missed the PASS Pre Conference security presentations, you can now catch up by viewing them online: http://cmcgc.com/Media/WMP/261115/ .
Who needs encryption?
For those that read my previous posts, the question in the title may be startling. I want to reassure you from the start: this post is not about encryption being a useless technique; it is just about it not being a solution for certain problems and definitely
SQL Server 2005: How to regenerate the same symmetric key in two different databases
In a previous post on using symmetric keys, I mentioned that keys can be recreated using the KEY_SOURCE and IDENTITY_VALUE clauses of CREATE SYMMETRIC KEY. In this post, I'd like to expand a little on this topic and present a small demo as well. Because
Why encryption should be salted and a small C# demo
In my previous post on searching encrypted data, I mentioned that the SQL Server 2005 encryption procedures are salted and that this prevents an index on encrypted data from being useful for any type of cleartext searches. Today, I will illustrate why
SQL Server 2005: what to do when a decryption error occurs while regenerating or reloading a master key
Decryption errors during the regeneration of a master key are highly unlikely. I've never seen one of these occurring naturally so far (we caused these errors manually for testing), so a discussion on their topic has a slim chance of being useful in practice.
SQL Server 2005: Example for how to allow a user to encrypt but not decrypt
I've received this question a couple of times before: is it possible to restrict a user to encrypt data, but not be able to decrypt it? The answer to this is yes, but before I present the solution, let's discuss a little how symmetric keys are used. What
SQL Server 2005: searching encrypted data
How to search encrypted data is a question that came up several times on forums and I should have blogged about this issue earlier, but better late than never. So the problem is that we have just encrypted that confidential column in our table, but we
About security and encryption with references to SQL Server 2005
There have been many books written on security and encryption, and there is much talk about security these days. I will not bring anything new with this post to the general topic of security, but I would like to present some ideas in condensed format.
SQL Server 2005: Yet another column encryption demo - "Clinic"
Here's another demo I just used for a presentation of SQL Server 2005 encryption features. This shows how multiple keys can be used for encrypting data in a column and also how access to keys can be controlled. It's a fairly long demo: -- -- Column Encryption
These posts are provided "AS IS" with no warranties, and confer no rights.