Hi,

I was wondering if anyone is aware if there are any best practices
regarding key management when using Oracle's DBMS_OBFUSCATION_TOOLKIT?
I'm particularly interested in how we can protect the
encryption/decryption key that we would use.

Thanks,
Jim

On Mon, 13 Jun 2005 18:57:08 -0400, ohaya interested us by writing:

> I'm particularly interested in how we can protect the
> encryption/decryption key that we would use.

Discussed in Chapter 13 of "Effective Oracle Database 10g Security by
Design"

HTH
--
Hans Forbrich
Canada-wide Oracle training and consulting
mailto: Fuzzy.GreyBeard_at_gmail.com
*** I no longer assist with top-posted newsgroup queries ***

ohaya <ohaya@cox.net> wrote in news:42AE0F44.73D46E0@cox.net:

> Hi,
>
> I was wondering if anyone is aware if there are any best practices
> regarding key management when using Oracle's DBMS_OBFUSCATION_TOOLKIT?
> I'm particularly interested in how we can protect the
> encryption/decryption key that we would use.
>

The obivious solution to this problem is to encrypt the key to protect it!

ohaya wrote:
> Hi,
>
> I was wondering if anyone is aware if there are any best practices
> regarding key management when using Oracle's DBMS_OBFUSCATION_TOOLKIT?
> I'm particularly interested in how we can protect the
> encryption/decryption key that we would use.
>
> Thanks,
> Jim

Best practice is to upgrade to 10g as DBMS_OBFUSCATION_TOOLKIT is not
all that secure by current standards. If you can't upgrade far more
information would be required to advice you.

Personally: I like to hide things in plain sight.
--
Daniel A. Morgan
http://www.psoug.org
damorgan@x.washington.edu
(replace x with u to respond)

DA Morgan wrote:
>
> ohaya wrote:
> > Hi,
> >
> > I was wondering if anyone is aware if there are any best practices
> > regarding key management when using Oracle's DBMS_OBFUSCATION_TOOLKIT?
> > I'm particularly interested in how we can protect the
> > encryption/decryption key that we would use.
> >
> > Thanks,
> > Jim
>
> Best practice is to upgrade to 10g as DBMS_OBFUSCATION_TOOLKIT is not
> all that secure by current standards. If you can't upgrade far more
> information would be required to advice you.
>
> Personally: I like to hide things in plain sight.


Hi Daniel et al,

We're currently on 9i (sorry, I forgot to mention that). There may be
plans to go to 10g, but I haven't seen anything definitive thus far.

I'm inferring from your post that 10g has some features that obviate
problems with key management. If so, can you tell me what those are?

Thanks,
Jim

ohaya wrote:
>
> DA Morgan wrote:
>
>>ohaya wrote:
>>
>>>Hi,
>>>
>>>I was wondering if anyone is aware if there are any best practices
>>>regarding key management when using Oracle's DBMS_OBFUSCATION_TOOLKIT?
>>>I'm particularly interested in how we can protect the
>>>encryption/decryption key that we would use.
>>>
>>>Thanks,
>>>Jim
>>
>>Best practice is to upgrade to 10g as DBMS_OBFUSCATION_TOOLKIT is not
>>all that secure by current standards. If you can't upgrade far more
>>information would be required to advice you.
>>
>>Personally: I like to hide things in plain sight.
>
>
>
> Hi Daniel et al,
>
> We're currently on 9i (sorry, I forgot to mention that). There may be
> plans to go to 10g, but I haven't seen anything definitive thus far.
>
> I'm inferring from your post that 10g has some features that obviate
> problems with key management. If so, can you tell me what those are?
>
> Thanks,
> Jim

Key management is always an issue. But with 10g there are a lot of new
features that provide far greater security and help with management.
Go to http://tahiti.oracle.com
click on 10g Release 1
enter the search criterion "DBMS_CRYPTO"
you will find what you need
--
Daniel A. Morgan
http://www.psoug.org
damorgan@x.washington.edu
(replace x with u to respond)