Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Default encryption level for SQL server 2008 R2

Posted on 2014-03-27
11
Medium Priority
?
311 Views
Last Modified: 2014-05-16
If i wanted to encrypt data in SQL server 2008 R2 what level of encryption would SQL use by default?
0
Comment
Question by:iamuser
  • 6
  • 5
11 Comments
 
LVL 75

Expert Comment

by:Anthony Perkins
ID: 39960561
It depends.  Are you talking about TDE or Column level encryption?
0
 

Author Comment

by:iamuser
ID: 39960599
Is there one that SQL server defaults to? When I mean encryption I mean 3des, aes and etc

John
0
 
LVL 75

Expert Comment

by:Anthony Perkins
ID: 39960701
You have to be talking about Column level encryption and not TDE.

But to answer your question, there is no default you get to choose the most appropriate encryption to be used among around a dozen algorithms.
0
NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

 

Author Comment

by:iamuser
ID: 39969563
is there a way for me to tell what encryption is being used then?
0
 
LVL 75

Expert Comment

by:Anthony Perkins
ID: 39970881
Have you looked at the code?
0
 

Author Comment

by:iamuser
ID: 39971006
That's the thing, it's not my code and I'm very versed in code. But upper management wants to know.
0
 
LVL 75

Expert Comment

by:Anthony Perkins
ID: 39973930
So your question is, you have some data and you would like to know that encryption algorithm was used?  If so, the answer is there is no way of knowing unless perhaps you were a hacker in which case you would not be asking the question here.
0
 

Author Comment

by:iamuser
ID: 39976708
This:

"So your question is, you have some data and you would like to know that encryption algorithm was used? "

Is exactly it. We are going through PCI compliance and  our PCI consultant spoke with upper management and said that we need to know what the encryption level is for the data that's being encrypted (contains CC information). I'm not very familiar with data encryption but the jest of the conversation is that if it's 3DES then we have to change it to AES. The way the software works is that they use 3DES to encrypt a master key then use that to encrypt the systemic key, which is then used to encrypt the data. That however is not good enough.
0
 
LVL 75

Expert Comment

by:Anthony Perkins
ID: 39976908
Then my answer still stands:  Without seeing the code there is no way for you to know.
0
 

Author Comment

by:iamuser
ID: 39976910
So in other words only the developers of the application can tell me
0
 
LVL 75

Accepted Solution

by:
Anthony Perkins earned 2000 total points
ID: 39976969
Yes, anyone who has access to the code can tell you.
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The conference as a whole was very interesting, although if one has to make a choice between this one and some others, you may want to check out the others.  This conference is aimed mainly at government agencies.  So it addresses the various compli…
The well known Cerber ransomware continues to spread this summer through spear phishing email campaigns targeting enterprises. Learn how it easily bypasses traditional defenses - and what you can do to protect your data.
Via a live example, show how to set up a backup for SQL Server using a Maintenance Plan and how to schedule the job into SQL Server Agent.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question