Encryption For Specific Column- Where to store the key - Mailing list pgsql-general
| From | Manuel Gysin |
|---|---|
| Subject | Encryption For Specific Column- Where to store the key |
| Date | |
| Msg-id | 53aa34d9-6354-414e-85a0-4e1ab27ee5e2@mail Whole thread Raw |
| Responses |
Re: Encryption For Specific Column- Where to store the key
(Pavel Stehule <pavel.stehule@gmail.com>)
Re: Encryption For Specific Column- Where to store the key (Merlin Moncure <mmoncure@gmail.com>) Re: Encryption For Specific Column- Where to store the key (Craig Ringer <craig@postnewspapers.com.au>) Re: Encryption For Specific Column- Where to store the key (Craig Ringer <craig@postnewspapers.com.au>) |
| List | pgsql-general |
Hello I'm currently designing a database layout where some columns are encrypted. Some tables contains sensitive user data which needs a special protection. I used http://www.postgresql.org/docs/8.1/static/encryption-options.html as a guide. - For the password field I just used a hash algorithm with some loops to protect the passwords ("Password Storage Encryption"with bcrypt). - For the sensitive columns I used "Encryption For Specific Columns", here I have later some questions. - For general data encryption I used luks (crypsetup) "Data Partition Encryption" - Connection is secured like desc. in "Encrypting Data Across A Network" with "SSL Host Authentication" Much attack use cases are covered with this but I see one problem: 1. There is a frontend (webserver) and a backend (database) - backend must be configured to not allow to much queries in a given time, else there is a possibility to get around thewhole security stuff - frontend needs too some protection against brute force 2. When encrypting some columns I need to save somewhere the key. - Frontend (very bad idea, first point of failure) - Backend (when someone can dump the database, he got the key too, encryption is in this use case useless) - Remote database (when someone can hack to the first db, it's not far away to the second db I think, but there is moretime to register an attack and force shutdown everything) - Write an dedicated application (when someone hacked this server, it's only a matter of time before he can find out wherethe key is stored in the RAM) So it seems there is no protection when someone gained access to the database server. Or is there a way? I can't see any. I'm not fit enough in attack a database server, but I think when someone has access to the database, he can simply dump thewhole tables, while the key is stored in the table, he has full access to everything in the database. At the end the questionis, where and how I should store the key to decrypt the columns? A discussion about this topic can be found under http://www.experts-exchange.com/Database/PostgreSQL/Q_21934798.html (answersare not all the time displayed...) But there were no final solution at all. Kind regards Manuel Gysin
pgsql-general by date: