I've been tasked with encrypting several years' worth of sensitive data (don't ask) stored in a SQL Server 2000 database. I need to encrypt both historical data and come up with a process to encrypt and decrypt new data as it flows through the system.

Edit: The processes that produce the data are not the same as the process that will consume the data, so I cannot easily implement a solution outside of SQL Server.

Most of the solutions out there seem to use extended stored procedures that call DLLs that must be installed on the server.

The best I've seen so far is here, the tools are free but you have to register at the site.

Are there any better solutions out there?

+1  A: 

Use .NET or whatever your process is that reads/writes to your database.

Otherwise, if I steal your hard drive I have everything I need to decrypt; it should NOT live on the same box.

Last year there was an incident in a data center in Chicago where over 20 servers were stolen!

SQLMenace
This is not the answer that I wanted to hear. But after rethinking how the process works, this is the right way for us to proceed, thanks.
TGnat
A: 

Encryption pre-SQL 2005 was quite limited as you've found and I think tools like that one you've found will be your best bet for SQL 2000.

If you can upgrade to SQL 2005+ you'll have more options open to you: i.e.

http://dotnetslackers.com/articles/sql/IntroductionToSQLServerEncryptionAndSymmetricKeyEncryptionTutorial.aspx

(database level, column level encryption)

AdaTheDev
A: 

Encrypting the devices that the database file resides on is in most cases a better solution: TrueCrypt, EFS.

There are a lot of ways to mess up encryption, especially on columns with very little data. Unless someone on the team has a complete understanding of ECB modes, rainbow attacks, and key protection, the device solution is the safest and probably the most efficient performance-wise.
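Added example, not part of the original answer: a check that shows why deterministic column encryption (the property ECB has on values that fit in one block) leaks on a column with few distinct values, next to the same scheme with a random per-row nonce. The HMAC-based cipher is a standard-library stand-in for AES, and the function names, key and sample column are constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import Counter


def _prf(key: bytes, label: bytes, data: bytes) -> bytes:
    """Keyed PRF (HMAC-SHA256) with a domain-separation label."""
    return hmac.new(key, label + b"|" + data, hashlib.sha256).digest()


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC counter-mode keystream (stand-in for AES-CTR)."""
    stream = b""
    for i in range(len(data) // 32 + 1):
        stream += _prf(key, b"stream", nonce + i.to_bytes(4, "big"))
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt(key: bytes, value: str, deterministic: bool) -> bytes:
    """Return nonce || ciphertext. Deterministic mode derives the nonce from the
    plaintext, so equal values encrypt identically, as they do under ECB."""
    data = value.encode()
    nonce = _prf(key, b"nonce", data)[:16] if deterministic else os.urandom(16)
    return nonce + _xor_stream(key, nonce, data)


def decrypt(key: bytes, blob: bytes) -> str:
    return _xor_stream(key, blob[:16], blob[16:]).decode()


def repeated_fraction(column: list) -> float:
    """Share of rows whose ciphertext also appears in another row; anything
    above 0 lets a reader of the table group rows by plaintext value."""
    counts = Counter(column)
    return sum(n for n in counts.values() if n > 1) / len(column)


# Constructed sample: a low-cardinality column of the kind the answer warns about.
KEY = os.urandom(32)  # demo key only; a real key would not live on the database host
STATUS = ["positive"] * 3 + ["negative"] * 6 + ["pending"]

det_column = [encrypt(KEY, v, deterministic=True) for v in STATUS]
rnd_column = [encrypt(KEY, v, deterministic=False) for v in STATUS]

if __name__ == "__main__":
    print("deterministic:", repeated_fraction(det_column))  # 0.9
    print("randomized:   ", repeated_fraction(rnd_column))  # 0.0
```

In the deterministic column the ciphertext histogram (6, 3, 1) is the plaintext histogram, so anyone who knows the rough distribution of values can label the rows without the key.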

A: 

You can also use Netlib Encryptionizer (http://www.netlib.com/). They'll encrypt the whole database on the drive, or they can do column encryption using stored procedure or an API.

It works fine with SQL Server 2000.

Apt605
A: 

Security was somewhat more limited in SQL 2000. SQL 2008 (enterprise ed) introduces Transparent Data Encryption which can be used to secure data-at-rest (DAR), if upgrading is an option. Another option is to use full disk encryption (FDE) such as BitLocker to encrypt the entire volume on which the SQL data files reside.

I believe there are 3rd party XPs (extended stored procs) that you can use, but I don't have add'l info on them.

Garrett