Re^3: Cryptology in the database

The problem I'm struggling with is where to store the keys.

Yes, that's the hard part. One solution could be to not store the keys on disk at all. Rather, supply them as arguments when you start your application. That way the keys are stored in memory only (and possibly also cached to disk (swap), but that's another story). An attacker would then have to gain access to your application's memory in order to access your data. I assume that to access content in memory would be considerably harder than to access content on disk.

--
Andreas

Comment on Re^3: Cryptology in the database

Replies are listed 'Best First'.
Re^4: Cryptology in the database by patspam (Sexton) on Mar 31, 2008 at 09:15 UTC
I think I'm leaning towards this option (even though it will be me who gets the alert at 4am that the server has crashed and is waiting for me to re-enter the key so it can start again..). The only thing conceptually broken about doing that is that I'm the only one with access to the box, so if someone is able to hack in and gain root access to copy the database, they could equally install a key logger to grab my 4am key entry. Patrick	[reply]
Re^5: Cryptology in the database by andreas1234567 (Vicar) on Mar 31, 2008 at 12:48 UTC
it will be me who gets the alert at 4am that the server has crashed and is waiting for me to re-enter the key so it can start again Security (more often than not) comes with inconvenience, trouble or annoyance. You will have to compare the benefits with the disadvantages and find a balance that's right for you. Since you are dealing with medical info you will probably sleep better with a secure solution anyway, that will more than make up for that once-a-year wake up call :) -- Andreas	[reply]