This is one of all your security gurus.
I have a SQL Server 2005 database with a primary database key that is encrypted with a very strong password using a server key, which, in turn, is encrypted using the credentials of the service account at the Windows data protection level.
I have a certificate that is encrypted using the primary key of the database.
I have a symmetric key using AES256, which is encrypted using a certificate, and I use a symmetric key to encrypt and decrypt confidential fields in the database.
What does someone need to crack the encrypted fields in the database? My only assumption is that brute force cannot be used due to the strength of the symmetric encryption algorithm, and the symmetric key itself is protected by four additional encryption levels:
Windows DPAPI → Server → Database → Certificate → Symmetric Key
which seems pretty stressful to me.
Do not include the obvious answer “get the username and password of the system administrator, use drugs and sleep with him”, which is definitely important, but not what I want.
source
share