About TDE and physical access to the database

Posted by Jimmer on 13-Jun-2018 02:57

Hello,

I have started exploring TDE and was reading about its practicality and effectiveness. There's something I'm still missing though

I understood that network traffic to/from the db is not encrypted, TDE applying at the level of the physical files.

And for that it uses a ks file. But the ks file is stored in the same location as the database (and thus exposed?), which means if I copy my database directory elsewhere, I would've kinda copied all the needed elements to access it, as the encryption is not bound to the server I'm running my db on.

Now assuming that manual start mode is used (since autostart mode is not really usable on sensitive data), the only thing preventing my access to the database is the password/passphrase? And can't a brute force approach be scripted to try and guess the password? 

Overall I'm not trying to search for flaws, my main purpose is to understand how TDE will protect my database, and specifically since it applies to physical files, how will it protect my database from people who already have physical access to it? 

Thanks, and sorry for all the questions.

Regards,

JM

All Replies

Posted by gus bjorklund on 13-Jun-2018 09:24

What you say is correct. TDE protects data at rest. The data, transaction logs, dump files, backups, after image journals can all be encrypted.

For the passphrase, you should use something longish, much longer than a 6 character password. That’s why it is a “phrase”. Pick a sentence you can remember. "When in the Course of human events, it becomes necessary for one people to dissolve the political bands which have connected them with another” for example.

Also, note that the keystore file contents are encrypted.

This thread is closed