• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 321
  • Last Modified:

Default encryption level for SQL server 2008 R2

If i wanted to encrypt data in SQL server 2008 R2 what level of encryption would SQL use by default?
0
iamuser
Asked:
iamuser
  • 6
  • 5
1 Solution
 
Anthony PerkinsCommented:
It depends.  Are you talking about TDE or Column level encryption?
0
 
iamuserAuthor Commented:
Is there one that SQL server defaults to? When I mean encryption I mean 3des, aes and etc

John
0
 
Anthony PerkinsCommented:
You have to be talking about Column level encryption and not TDE.

But to answer your question, there is no default you get to choose the most appropriate encryption to be used among around a dozen algorithms.
0
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
iamuserAuthor Commented:
is there a way for me to tell what encryption is being used then?
0
 
Anthony PerkinsCommented:
Have you looked at the code?
0
 
iamuserAuthor Commented:
That's the thing, it's not my code and I'm very versed in code. But upper management wants to know.
0
 
Anthony PerkinsCommented:
So your question is, you have some data and you would like to know that encryption algorithm was used?  If so, the answer is there is no way of knowing unless perhaps you were a hacker in which case you would not be asking the question here.
0
 
iamuserAuthor Commented:
This:

"So your question is, you have some data and you would like to know that encryption algorithm was used? "

Is exactly it. We are going through PCI compliance and  our PCI consultant spoke with upper management and said that we need to know what the encryption level is for the data that's being encrypted (contains CC information). I'm not very familiar with data encryption but the jest of the conversation is that if it's 3DES then we have to change it to AES. The way the software works is that they use 3DES to encrypt a master key then use that to encrypt the systemic key, which is then used to encrypt the data. That however is not good enough.
0
 
Anthony PerkinsCommented:
Then my answer still stands:  Without seeing the code there is no way for you to know.
0
 
iamuserAuthor Commented:
So in other words only the developers of the application can tell me
0
 
Anthony PerkinsCommented:
Yes, anyone who has access to the code can tell you.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 6
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now