Re: [GENERAL] Page-Level Encryption

2006-01-20 Thread Jim C. Nasby
On Fri, Jan 20, 2006 at 02:06:18PM -0800, Bricklen Anderson wrote: > Jim C. Nasby wrote: > >I would highly recommend taking a look at how Oracle is handling > >encryption in the database in 10.2 (or whatever they're calling it). > >They've done a good job of thinking out how to handle things like >

Re: [GENERAL] Page-Level Encryption

2006-01-20 Thread Marko Kreen
On 1/20/06, David Blewett <[EMAIL PROTECTED]> wrote: > I'm not sure if this is the right list for this message; if it's not, > let me know and I'll take it up elsewhere. I found this thread today: >

Re: [GENERAL] Page-Level Encryption

2006-01-20 Thread Chris Browne
[EMAIL PROTECTED] ("Joshua D. Drake") writes: >> IF they've got root, and the unencrypted data or the password / key is >> on the machine or in memory on it, you've lost. It may make it harder >> for them to get it, but they can. > This is true but in answer to your question you can use something

Re: [GENERAL] Page-Level Encryption

2006-01-20 Thread Marko Kreen
On 1/21/06, Bricklen Anderson <[EMAIL PROTECTED]> wrote: > Jim C. Nasby wrote: > > I would highly recommend taking a look at how Oracle is handling > > encryption in the database in 10.2 (or whatever they're calling it). > > They've done a good job of thinking out how to handle things like > > mana

Re: [GENERAL] Page-Level Encryption

2006-01-20 Thread Bricklen Anderson
Jim C. Nasby wrote: I would highly recommend taking a look at how Oracle is handling encryption in the database in 10.2 (or whatever they're calling it). They've done a good job of thinking out how to handle things like managing the keys. I know that Oracle magazine did an article on it recently

Re: [GENERAL] Page-Level Encryption

2006-01-20 Thread Jim C. Nasby
I would highly recommend taking a look at how Oracle is handling encryption in the database in 10.2 (or whatever they're calling it). They've done a good job of thinking out how to handle things like managing the keys. I know that Oracle magazine did an article on it recently; you should be able t

Re: [GENERAL] Page-Level Encryption

2006-01-20 Thread Bruce Momjian
Doug McNaught wrote: > David Blewett <[EMAIL PROTECTED]> writes: > > > In reading the documentation of Peter Gutmann's Cryptlib, I came > > across this section: > > "The use of crypto devices can also complicate key management, since > > keys generated or loaded into the device usually can't be ex

Re: [GENERAL] Page-Level Encryption

2006-01-20 Thread Doug McNaught
David Blewett <[EMAIL PROTECTED]> writes: > In reading the documentation of Peter Gutmann's Cryptlib, I came > across this section: > "The use of crypto devices can also complicate key management, since > keys generated or loaded into the device usually can't be extracted > again afterwards. This

Re: [GENERAL] Page-Level Encryption

2006-01-20 Thread David Blewett
Quoting Scott Marlowe <[EMAIL PROTECTED]>: On Fri, 2006-01-20 at 14:47, David Blewett wrote: Quoting Scott Marlowe <[EMAIL PROTECTED]>: >> Having the table containing the index, or the database object, >> encrypted would protect against system admins, > > IF they've got root, and the unencrypt

Re: [GENERAL] Page-Level Encryption

2006-01-20 Thread Scott Marlowe
On Fri, 2006-01-20 at 14:58, David Blewett wrote: > Quoting "Joshua D. Drake" <[EMAIL PROTECTED]>: > > > > >>> This is true but in answer to your question you can use something like > >>> cryptfs. Note that you will lose performance. > >>> > >>> Joshua D. Drake > >> > >> > >> I'm looking for some

Re: [GENERAL] Page-Level Encryption

2006-01-20 Thread Scott Marlowe
On Fri, 2006-01-20 at 14:47, David Blewett wrote: > Quoting Scott Marlowe <[EMAIL PROTECTED]>: > > >> Having the table containing the index, or the database object, > >> encrypted would protect against system admins, > > > > IF they've got root, and the unencrypted data or the password / key is >

Re: [GENERAL] Page-Level Encryption

2006-01-20 Thread David Blewett
Quoting "Joshua D. Drake" <[EMAIL PROTECTED]>: This is true but in answer to your question you can use something like cryptfs. Note that you will lose performance. Joshua D. Drake I'm looking for something that runs *inside* of Postgres, at a higher level than a loop-back encrypted volum

Re: [GENERAL] Page-Level Encryption

2006-01-20 Thread Joshua D. Drake
This is true but in answer to your question you can use something like cryptfs. Note that you will lose performance. Joshua D. Drake I'm looking for something that runs *inside* of Postgres, at a higher level than a loop-back encrypted volume. This way, it would only be available when the

Re: [GENERAL] Page-Level Encryption

2006-01-20 Thread David Blewett
Quoting "Joshua D. Drake" <[EMAIL PROTECTED]>: IF they've got root, and the unencrypted data or the password / key is on the machine or in memory on it, you've lost. It may make it harder for them to get it, but they can. This is true but in answer to your question you can use something like

Re: [GENERAL] Page-Level Encryption

2006-01-20 Thread David Blewett
Quoting Scott Marlowe <[EMAIL PROTECTED]>: Having the table containing the index, or the database object, encrypted would protect against system admins, IF they've got root, and the unencrypted data or the password / key is on the machine or in memory on it, you've lost. It may make it harder

Re: [GENERAL] Page-Level Encryption

2006-01-20 Thread Joshua D. Drake
IF they've got root, and the unencrypted data or the password / key is on the machine or in memory on it, you've lost. It may make it harder for them to get it, but they can. This is true but in answer to your question you can use something like cryptfs. Note that you will lose performan

Re: [GENERAL] Page-Level Encryption

2006-01-20 Thread Scott Marlowe
On Fri, 2006-01-20 at 14:24, David Blewett wrote: > I'm not sure if this is the right list for this message; if it's not, > let me know and I'll take it up elsewhere. I found this thread today: >