Browse by Tags

All Tags » encryption   (RSS)
New attack on AES-256
A new attack improves significantly on previous attacks against AES-256, see: http://schneier.com/crypto-gram-0908.html#8 . This doesn't mean that AES-256 is broken yet, but the surprising bit here is that AES-128 is not susceptible to this particular Read More...
Posted 14 October 09 05:05 by lcris | 0 Comments   
Filed under , ,
A discussion of password authentication schemes
I have talked in the past about how passwords for SQL logins are protected in SQL Server (see this post ). I would like to describe this scheme in a more generic way and compare it with the alternative of encrypting the passwords, because I have seen Read More...
Posted 09 May 08 01:45 by lcris | 0 Comments   
Filed under ,
Can encryption make you more vulnerable?
A recent article brings up this question and argues that encrypting data at rest can open the door to a new range of security and usability problems. Speaking only of the security aspects, I both agree and disagree, so I'd like to add a few comments on Read More...
Posted 11 February 08 04:57 by lcris | 0 Comments   
Filed under , ,
SQL Server 2005: How to debug errors in code that does encryption
Encryption builtin functions in SQL Server have no known issues and, if used properly, they will produce the expected results. However, if they are used incorrectly, it can be hard to figure out what exactly is the problem, so in this post I am going Read More...
Posted 31 January 08 12:36 by lcris | 0 Comments   
Filed under , ,
SQL Server 2005: A great post by Aaron Morton about using MARS to access opened keys
Aaron Morton has a very interesting post and demo that show how MARS can be used to access keys temporarily opened by a procedure. This is a must-read for anyone that is interested in implementing custom restrictions around the use of encryption keys. Read More...
Posted 17 January 08 10:20 by lcris | 0 Comments   
Filed under , ,
SQL Server 2005: Why you should not encrypt data with certificates
I often recommended to only encrypt data in SQL Server using symmetric keys and to reserve the use of asymmetric encryption for protection of symmetric keys and for signing. In this post, I will go in more detail about why asymmetric encryption is not Read More...
Posted 11 January 08 12:44 by lcris | 0 Comments   
Filed under , ,
SQL Server 2005: How to determine the size of a column that will hold encrypted data
This issue has been addressed before on forums, but with the heavy traffic, it can be hard to find the proper post. So, I'll provide some explanations here as well. Note: This article is written with symmetric encryption in mind, but the actual technique Read More...
Posted 11 January 08 11:05 by lcris | 0 Comments   
Filed under , ,
SQL Server 2005: Restoring the backup of a database that uses encryption
I have addressed this topic in previous threads and comments ( here , here , and here , for example), both on this blog and on various forums, but it looks like when you need the answer, it can be hard to dig out. So I'm hoping that by placing these steps Read More...
Posted 16 November 07 11:41 by lcris | 10 Comments   
Filed under , ,
SQL Server 2005: How to recover when the service master key (SMK) is not accessible
I wrote earlier today a reply on this topic on the public forums, but now that I checked, the reply appears to have got lost, although I still entertain the hope it may only have got delayed and will appear there in 24 hours. Anyway, this is the reason Read More...
Posted 14 November 07 01:55 by lcris | 0 Comments   
Filed under , ,
SQL Server 2005: A note about the use of certificates
To avoid any confusion, this post is not about the use of certificates for securing the communication between a client machine and the server; instead, this refers to the use of certificates created via the CREATE CERTIFICATE DDL. I am prompted in writing Read More...
Posted 04 October 07 08:59 by lcris | 1 Comments   
Filed under , , ,
SQL Server 2008: Transparent data encryption feature - a quick overview
I have kept silent on this feature while it was being developed, but as it has now been publicly advertised in various ways (being mentioned here , here , here , and here , for example), I think it is probably time to write a bit about it. Given that Read More...
Posted 03 October 07 04:55 by lcris | 2 Comments   
Filed under , , ,
SQL Server 2005: About login password hashes
There seem to be a couple of misconceptions around the SQL Server handling of login passwords. Hopefully, by the end of this post, you will have a much clearer idea about what is going on under the covers. Note that this refers to the passwords of logins Read More...
Posted 30 April 07 09:22 by lcris | 1 Comments   
Filed under , , ,
SQL Server 2005 security presentations at PASS - Pre Conference
If you missed the PASS Pre Conference security presentations, you can now catch up by viewing them online: http://cmcgc.com/Media/WMP/261115/ . Read More...
Posted 08 December 06 08:49 by lcris | 0 Comments   
Filed under , , ,
Who needs encryption?
For those that read my previous posts, the question in the title may be startling. I want to reassure you from the start: this post is not about encryption being a useless technique; it is just about it not being a solution for certain problems and definitely Read More...
Posted 30 November 06 06:07 by lcris | 4 Comments   
Filed under , , , ,
SQL Server 2005: How to determine what key was used to encrypt a piece of data
Let's say we have some data that is encrypted and we would like to find out what key was used to perform the encryption. SQL Server 2005 knows what key was used to encrypt the data because the key identifier (the key_guid value) is prefixed to the encrypted Read More...
Posted 06 July 06 04:23 by lcris | 1 Comments   
Filed under , ,
More Posts Next page »

Search

This Blog

These posts are provided "AS IS" with no warranties, and confer no rights.

Syndication

Page view tracker