Ask the Expert

Using asymmetric encryption

I read a front-end program that would take sensitive data, say a social security number, and store parts of it in different databases, aaa-bb-cccc for instance and encrypt each part/database with a different key. If by chance a user could access the information, the users would only have part of the encrypted data with a dissimilar key. Therefore, breaking the crypto apart would not compromise the other portions. Could you tell me more about this?

    Requires Free Membership to View

It sounds like you're thinking of an asymmetric (public/private key) encryption system where the information is encrypted with a different key than it is decrypted with. There wouldn't be very much additional security provided by breaking up a chunk of data and encrypting it separately. You'd only end up increasing the surface area of a directed clear text attack on the cipher.

In the classic asymmetric encryption tiered-server scenario, the front-end (or middle tier) application would have access to the public key and use this to encrypt the data. Then, a second system (presumably more secure) would have access to the private key for accessing this data (such as the SSN info). In this way, if the front end was compromised and the data was extracted from the database, the data would be useless without the private key. Since it does not exist on the front end nor the database, the attacker would still need to find this "secure" server with the private key in order to access the data.

This was first published in August 2006

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: