
	Home > Ask the SQL Server Experts > Steven Andres - Security Questions & Answers > Using asymmetric encryption

Ask The SQL Server Expert: Questions & Answers

EMAIL THIS

Using asymmetric encryption

EXPERT RESPONSE FROM: Steven Andres

		Pose a Question

		Other SQL Server Categories

		Meet all SQL Server Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 27 June 2006
I read a front-end program that would take sensitive data, say a social security number, and store parts of it in different databases, aaa-bb-cccc for instance and encrypt each part/database with a different key. If by chance a user could access the information, the users would only have part of the encrypted data with a dissimilar key. Therefore, breaking the crypto apart would not compromise the other portions. Could you tell me more about this?

EXPERT RESPONSE
It sounds like you're thinking of an asymmetric (public/private key) encryption system where the information is encrypted with a different key than it is decrypted with. There wouldn't be very much additional security provided by breaking up a chunk of data and encrypting it separately. You'd only end up increasing the surface area of a directed clear text attack on the cipher.

In the classic asymmetric encryption tiered-server scenario, the front-end (or middle tier) application would have access to the public key and use this to encrypt the data. Then, a second system (presumably more secure) would have access to the private key for accessing this data (such as the SSN info). In this way, if the front end was compromised and the data was extracted from the database, the data would be useless without the private key. Since it does not exist on the front end nor the database, the attacker would still need to find this "secure" server with the private key in order to access the data.

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	SQL Server security
	Can I encrypt and restore a database backup in SQL Server 2005?
	FAQ: How to troubleshoot and grant SQL Server permissions
	Secure SQL Server from SQL injection attacks
	How insiders hack SQL databases with free tools and a little luck
	Sarbanes-Oxley compliance checklist: IT security and SQL audits
	SQL Server source code analysis and management adds database security
	Ten common SQL Server security vulnerabilities you may be overlooking
	SQL Server 2008 security and compliance features reduce security risks
	Get your SQL Server security goals in order
	How secure is your SQL Server network design?

Steven Andres - Security

Creating a SQL Server user authentication schema

Could a join of encrypted SQL Server data have a problem?

SQL Server connection lost when SA password is changed

How to set SQL Server password for SA login

Creating a login in SQL Server 2000 Enterprise Manager

Code to connect SQL Server 7.0 to Visual Basic 6.0

Set SQL Server password on database in version 7.0

Solve SQL Server permissions and authentication problems

Create username and password for new SQL Server database

Recover password in SQL Server 2000

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

data corruption (SearchSQLServer.com)

data hiding (SearchSQLServer.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

SEARCH

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.


TechTarget Corporate Web Site \| Media Kits \| Reprints \| Site Map All Rights Reserved, Copyright 2005 - 2008, TechTarget \| Read our Privacy Policy