All, I'm hoping someone on this list can either provide details on how Oracle's "Transparent Data Encryption" (TDE) works in their Oracle Database, especially with Oracle 10g.
We have an application that is storing SSNs as cleartext which they are finally getting read to store in an encrypted format using 128-bit AES. (I am not sure if the SSNs are presently stored as NUMBER or VARCHAR2 though.) The application also will *still* have a legitimate business need of doing indexed searches via the *full* SSN. Oracle TDE is being looked at as oneoption because it is thought to be more or less transparent to application itself and its JDBC code. Also, presumably it would simplify key change operations as well since the development team wouldn't have to code for that. The Oracle TDE documentation (here for 10g: http://docs.oracle.com/cd/B19306_01/network.102/b14268/asotrans.htm) discusses the use of "salt" in section 3.2.4. Specifically, this documentation states: "Salt is a way to strengthen the security of encrypted data. It is a random string added to the data before it is encrypted, causing repetition of text in the clear to appear different when encryptee. Salt thus removes one method attackers use to steal data, namely, matching patterns of encrypted text." Salting is the TDE default for encrypted columns (at least in 10g). However, this documentation goes on to say: "However, if you plan to index the encrypted column, you must use NO SALT." Doing searches by full SSN over close to a 1M records is obviously going to need indexing, so that implies that salting cannot be used for SSNs (at least not w/out application changes, to say, search for a MAC of the SSN instead of the SSN itself, or some other similar mechanism). My confusion comes from trying to understand exactly what Oracle means when they refer to "salt". Are they really discussing the use of a random IV vs. a fixed IV? Or are the XOR'ing some random salt with the encryption key in some cases and not in others or what? For that matter, does anyone even know what cipher modes or padding schemes they use with Oracle TDE in Oracle 10g? For all I know they may be doing something like using ECB mode. It's hard to ascertain the downside of using Oracle TDE if I don't know any of these details so I'm hoping that someone on this list can comment on it. Thanks, -kevin -- Blog: http://off-the-wall-security.blogspot.com/ "The most likely way for the world to be destroyed, most experts agree, is by accident. That's where we come in; we're computer professionals. We *cause* accidents." -- Nathaniel Borenstein _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
