Quick Links

Re: Database Encryption (now required by law in Italy)

From:	Joe Conway <mail(at)joeconway(dot)com>
To:	Silvana Di Martino <silvanadimartino(at)tin(dot)it>
Cc:	Peter Galbavy <peter(dot)galbavy(at)knowtion(dot)net>, pgsql-admin(at)postgresql(dot)org
Subject:	Re: Database Encryption (now required by law in Italy)
Date:	2004-03-08 17:29:01
Message-ID:	404CAD5D.6010503@joeconway.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-admin

Silvana Di Martino wrote:
> Oracle has a built-in feature for encrypting/decrypting this password's
> password.

Right, and this master password is only protected because Oracle is
closed source. It is not possible to do the same thing with Postgres
because you could find the master key (or the algorithm to produce it)
in the source code.

However this amounts to "security by obscurity", and anyone serious
about encryption will tell you it is insufficient. There is no way to
have cryptographically sound protection of your data using a key
embedded in the software like that.

Joe

In response to

Re: Database Encryption (now required by law in Italy) at 2004-03-08 12:26:10 from Silvana Di Martino

Responses

Re: Database Encryption (now required by law in Italy) at 2004-03-08 22:43:37 from Silvana Di Martino

Browse pgsql-admin by date

	From	Date	Subject
Next Message	philippe haas	2004-03-08 17:54:38	tcp port
Previous Message	lnd	2004-03-08 17:12:58	Re: Database Encryption (now required by law in Italy)