?
Solved

Default encryption level for SQL server 2008 R2

Posted on 2014-03-27
11
Medium Priority
?
313 Views
Last Modified: 2014-05-16
If i wanted to encrypt data in SQL server 2008 R2 what level of encryption would SQL use by default?
0
Comment
Question by:iamuser
  • 6
  • 5
11 Comments
 
LVL 75

Expert Comment

by:Anthony Perkins
ID: 39960561
It depends.  Are you talking about TDE or Column level encryption?
0
 

Author Comment

by:iamuser
ID: 39960599
Is there one that SQL server defaults to? When I mean encryption I mean 3des, aes and etc

John
0
 
LVL 75

Expert Comment

by:Anthony Perkins
ID: 39960701
You have to be talking about Column level encryption and not TDE.

But to answer your question, there is no default you get to choose the most appropriate encryption to be used among around a dozen algorithms.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 

Author Comment

by:iamuser
ID: 39969563
is there a way for me to tell what encryption is being used then?
0
 
LVL 75

Expert Comment

by:Anthony Perkins
ID: 39970881
Have you looked at the code?
0
 

Author Comment

by:iamuser
ID: 39971006
That's the thing, it's not my code and I'm very versed in code. But upper management wants to know.
0
 
LVL 75

Expert Comment

by:Anthony Perkins
ID: 39973930
So your question is, you have some data and you would like to know that encryption algorithm was used?  If so, the answer is there is no way of knowing unless perhaps you were a hacker in which case you would not be asking the question here.
0
 

Author Comment

by:iamuser
ID: 39976708
This:

"So your question is, you have some data and you would like to know that encryption algorithm was used? "

Is exactly it. We are going through PCI compliance and  our PCI consultant spoke with upper management and said that we need to know what the encryption level is for the data that's being encrypted (contains CC information). I'm not very familiar with data encryption but the jest of the conversation is that if it's 3DES then we have to change it to AES. The way the software works is that they use 3DES to encrypt a master key then use that to encrypt the systemic key, which is then used to encrypt the data. That however is not good enough.
0
 
LVL 75

Expert Comment

by:Anthony Perkins
ID: 39976908
Then my answer still stands:  Without seeing the code there is no way for you to know.
0
 

Author Comment

by:iamuser
ID: 39976910
So in other words only the developers of the application can tell me
0
 
LVL 75

Accepted Solution

by:
Anthony Perkins earned 2000 total points
ID: 39976969
Yes, anyone who has access to the code can tell you.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It is possible to export the data of a SQL Table in SSMS and generate INSERT statements. It's neatly tucked away in the generate scripts option of a database.
An alternative to the "For XML" way of pivoting and concatenating result sets into strings, and an easy introduction to "common table expressions" (CTEs). Being someone who is always looking for alternatives to "work your data", I came across this …
This videos aims to give the viewer a basic demonstration of how a user can query current session information by using the SYS_CONTEXT function
Via a live example, show how to backup a database, simulate a failure backup the tail of the database transaction log and perform the restore.
Suggested Courses

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question