encrypted tapes (was Re: Papers about "Algorithm hiding" ?)
Adam Shostack
adam at homeport.org
Wed Jun 8 15:22:37 EDT 2005
On Wed, Jun 08, 2005 at 01:33:45PM -0400, astiglic at okiok.com wrote:
|
| "Ken Buchanan wrote:"
| > There are a number of small companies making products that can encrypt
| > data in a storage infrastructure, including tape backups (full disclosure:
| > I work for one of those companies). The solutions all involve appliances
| > priced in the tens of thousands. The costs come not from encryption (how
| > much does an FPGA cost these days?), but from solving the problems you
| > listed, plus some others you didn't.
| >
| > Now that the benefit of storage encryption is clearer, tape vendors
| > (StorageTek, HP, IBM, etc) are almost certainly looking at adding
| > encryption capability into their offerings.
|
| Another area where I predict vendors will (should) offer built in
| solutions is with database encryption. Allot of laws require need-to-know
| based access control, and with DBA's being able to see all entries that is
| a problem. Also backups of db data can be a risk.
| Oracle, for example, provides encryption functions, but the real problem
| is the key handling (how to make sure the DBA can't get the key, cannot
| call functions that decrypt the data, key not copied with the backup,
| etc.).
| There are several solutions for the key management, but the vendors should
| start offering them.
I would argue that the real problem is that encryption slows large
searches (is percieved to slow large searches, anyway.)
Adam
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list