Encrypting database



I have a feeling this is a common problem, so I want to hear from people
more knowledgable about how to go about it:

This is the requirement: some pieces of data in publically accessible
database needs to be hidden from (many) users that can normally read the
entire database, and be accessible by (several) privileged users.

My intent is to do it like this:

- create a random key (e.g. 128 random bits) & encrypt the data with
this key
- encrypt that key with passwords of users that have access to the data
(i.e. for X users, X copies of the above key would be encrypted
separately with users' keys and stored) Strengths of user passwords is a
separate and unrelated issue for this :)

I guess encrypting one piece of data (the master key) several times
independantly (but with a prepended salt) will make it somewhat easier
for brute-forcing, and make it much more vulnerable if one of users'
passwords is stolen.

Any suggestions or improvements on the plan?
.



Relevant Pages

  • Re: Encrypting database
    ... database needs to be hidden from users that can normally read the ... encrypt that key with passwords of users that have access to the data ... separate and unrelated issue for this:) ...
    (sci.crypt)
  • Re: Security package for an individual in a hostile country
    ... Note that any advice you get here is given by armchair generals. ... Used to encrypt and/or hide your files. ... I'm assuming that the hostile government ... This program saves your passwords and has a ...
    (sci.crypt)
  • Re: Create hash with AES?
    ... > files, but also email, and text such as passwords... ... the AES is the most sensible choice. ... However if you're going to encrypt government data with it, ... would be wise to use a public/private key pair on a smart card. ...
    (microsoft.public.dotnet.security)
  • Re: IPSec tunnel over Gbit fibre.
    ... You're welcome Hugh. ... >the separate 'server site'. ... way would be to use GRE and encrypt it over the link endpoints. ... As the 'seats' could be in any ...
    (comp.os.linux.security)
  • Re: Security package for an individual in a hostile country
    ... Used to encrypt and/or hide your files. ... I'm assuming that the hostile government ... I believe there are Firefox extensions that ensures the Google Mail ... This program saves your passwords and has a ...
    (sci.crypt)