Re: database password and encryption
From: Zachovich (Zachovich_at_discussions.microsoft.com)
Date: 12/23/04
- Next message: pmoore: "RE: Authorization Manager, ASP.NET, memory leak, InitializeClientC"
- Previous message: lelteto: "Re: CPSignHash error 80090008"
- In reply to: Valery Pryamikov: "Re: database password and encryption"
- Next in thread: Pavel Lebedinsky: "Re: database password and encryption"
- Reply: Pavel Lebedinsky: "Re: database password and encryption"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 22 Dec 2004 15:09:04 -0800
OK, Let me break it down for you....
BTW, i do not intend any offense with this message.
First off, I understand what you are getting at - what you are trying to get
across. You have a good point and I accept the theory behind what you are
saying.
I have read dozens, maybe hundreds of documents relating to protecting data,
it's not new to me
I have seen people use it in stupid ways
I have seen people use it in smart ways
I have seen people miss the whole objective when trying to implement it.
I know the basic concepts about encryption.
I know when and where to use it.
I know when and where not to use it.
I know when there is no point in using it.
I take all that in consideration when I design applications.
(a) I plan on install an application that also copies a database to a
harddrive on a computer.
(b) This database should be encrypted with a strong, proven encryption
alogorithm; so anybody who doesn't have the key can *NOT* access the database
... follow?
remember....NOT....database is a pile of garbled bits with no meaning.
AES 256, my favorite!
(c) in msde and sqlserver, if you are the admin, you can acess the database
either way, which tells me the database is either not encrypted at all or the
actual key is stored somewhere. Both are very, very bad and very, very, very,
extremely stupid to say the least.
As it is for those two, msde and sqlserver, you lose before you even start,
because there is no, (NO) way you can protect the database AT ALL. You could
perform a file encryption on the database and decrypt it with each use, but
then you would have to write it to the disk in unencrypted form before using
it, (back to the drawing board). If the database engine would allow passing a
data stream instead of a filename, that would actually be solved.
but the way things stand....give it up!
See? if I had the database protected, that would at least be a start.
I could encrypt the key several times and hide the new, resulting, keys on
different places, obfuscate, etc.
Like I said before, the applet won't see enough users to get much attention
from software hackers. Also, it will be sold for a price comparable to
freeware only, that will reduce the hackers' incentive.
Thanks Valery, happy holidays!
foreward....
I asked a question about sql server 2005, does anyone know the answer?
"Valery Pryamikov" wrote:
> I send you a link because that's describes exaclty what you are trying to
> achieve:
> you want to give a piece of encrypted information (database) together with
> information sufficient to derive encription keys and decryption code itself
> to the user and hope that would protect your data... That's exactly what
> Cory Doctorow was talking about...
> And btw, encryption is not about protection of information. It's about
> REDUCING problem of protection of big pieces of information to the problem
> of protecting much smaller pieces of data (encryption keys or any entropy
> used for deriving these encryption keys). Using 256 bit AES doesn't protect
> anything as long as keys are not apropriately protected, and you simply
> can't properly protect them when you need them to be used on end user
> computers.
>
> -Valery.
> http://www.harper.no/valery
>
> "Zachovich" <Zachovich@discussions.microsoft.com> wrote in message
> news:FB0C50D8-C17E-4DE7-A591-14B6E9896FF5@microsoft.com...
> > Excellent read! Thanks!
> >
> > But thats not what I asked and it doesn't answer my questions.
> >
> > I know the basic concepts about encryption.
> >
> > I know when and where to use it.
> >
> > I know when and where not to use it.
> >
> > I know when there is no point in using it.
> >
> > I take all that in consideration when I design applications.
> >
> > In this application, I need a relational database that is accessible by my
> > application only. Yes, I realize, anything that is protected can be
> > unprotected, but this application will not see a very wide audience, so I
> > don't think it will see any very advanced software crackers.
> >
> > So, if I can get a relational database encrypted with 256 bit Rijaendel...
> > that would be fine...
> >
> > thanks
> >
> >
> > "Valery Pryamikov" wrote:
> >
> >> Here is the link to a great answer to your question by Cory Doctorow:
> >> http://craphound.com/msftdrm.txt
> >>
> >> -Valery.
> >> http://www.harper.no/valery
> >>
> >> "Zachovich" <Zachovich@discussions.microsoft.com> wrote in message
> >> news:E7779A22-2693-438D-A766-41983AD94DBE@microsoft.com...
> >> >I am planning an application that uses a relational database. the
> >> >database
> >> > has to be secure.
> >> >
> >> > When a user installs my program on their PC I don't want them to have
> >> > access
> >> > to my database except through the program. That is a problem I ran into
> >> > with
> >> > MSDE. Since the database is not actually encrypted with a key based on
> >> > the
> >> > password, but in a way that the "administrator" can at all times access
> >> > it,
> >> > the owner of the PC (naturally the administrator) can easily open my
> >> > database
> >> > without any special tools or knowledge.
> >> >
> >> > When my program will install, it will automatically copy a new database
> >> > file
> >> > to the disk. Will there be any way I can prevent the owner from logging
> >> > onto
> >> > the SQL Server as the administrator and help himself? Can I lock the
> >> > administrator out of my database? What I was anticipating is that each
> >> > database will optionally have an additional password that you need in
> >> > order
> >> > to open it, regardless of which user you are logged on as. Currently
> >> > the
> >> > only
> >> > way to do that would be to "hog" the MSDE installation by changing the
> >> > <SA>
> >> > password. But then I would be locking out any other programs wanting to
> >> > use
> >> > the MSDE.
> >> >
> >> > I would like to know some technical security details of the SQL Server
> >> > 2005
> >> > Express. Will I be able to select the encryption algorithm a data base
> >> > uses?
> >> > Will I be able to disable Windows authentication for my database? Where
> >> > will
> >> > the password to the database be stored? Will the password be stored as
> >> > a
> >> > hash
> >> > or two-way encrypted? I read that the databases may be moved like any
> >> > typical
> >> > file (unlike MSDE), that almost makes me jump to the conclusion that
> >> > all
> >> > the
> >> > security information (password, etc.) must reside in a single file, it
> >> > that
> >> > true?
> >> >
> >> > I appreciate any assistance applied to this issue.
> >>
> >>
> >>
>
>
>
- Next message: pmoore: "RE: Authorization Manager, ASP.NET, memory leak, InitializeClientC"
- Previous message: lelteto: "Re: CPSignHash error 80090008"
- In reply to: Valery Pryamikov: "Re: database password and encryption"
- Next in thread: Pavel Lebedinsky: "Re: database password and encryption"
- Reply: Pavel Lebedinsky: "Re: database password and encryption"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
