secure the channel.
I will protect data in transit. I also need to protect data at rest. Either is not sufficient.
The database files are encrypted using a key known only to the server:
Security regulations (e.g. like this) require protection against insider threats to make sure data does not escape, e.g. when backed up. To have a (symmetric) key and the data on the same server is out of the question.
I would advocate avoiding use of deterministic encryption altogether, because I do not think it will ever provide the data-security and data-integrity that you need.
I would normally agree, but in this case I feel the disadvantage of a less secure encryption model is probably outweighed by the advantages of not having the (symmetric) key and the data on the same server.

There are apparently advances in cryptography research (e.g. here (RSA-DOAEP), here, and here) that suggest that deterministic asymmetric encryption is becoming increasingly secure. It takes, of course, a long time for new algorithms to find their way into actual, usable implementations.

This is hardly an atypical or novel requirement.
I would compare it to storing data encrypted on your server that a root user does not have access to. I would be glad to use an off-the-shelf solution. Do such exist?

Thanks for your feedback.

--
No matter how great and destructive your problems may seem now, remember, you've probably only seen the tip of them. [1]

In reply to Re^2: Deterministic asymmetric encryption [Crypt::RSA] by andreas1234567
in thread Deterministic asymmetric encryption [Crypt::RSA] by andreas1234567
