Encrypting sensitive data in a database is as secure as the Security by Obscurity applied to the hiding of the encryption keys. Whatever scheme is used, at the end of the chain of obscurity the keys are always available in clear - either because a human has to use them, or because an application needs to access the database. We present a system of virtual encryption keys, whose values and location are unknown to any human, and do not actually exist in their entirety. We propose that this system is more secure than any other method of securing the keys that secure the data.

Article Securely Encrypting Data At Rest

More Mark Sitkowski's questions See All
Similar questions and discussions