Table of Contents
Advertisement
Solving Security Challenges with Oracle Advanced Security
Selecting the network encryption algorithm is a user configuration option,
providing varying levels of security and performance for different types of data
transfers.
Prior versions of Oracle Advanced Security provided three editions: Domestic,
Upgrade, and Export—each with different key lengths. 10g Release 1 (10.1) contains
a complete complement of the available encryption algorithms and key lengths,
previously only available in the Domestic edition. Users deploying prior versions of
the product can obtain the Domestic edition for a specific product release.
RC4 Encryption The RC4 encryption module uses the RSA Security, Inc., RC4
encryption algorithm. Using a secret, randomly-generated key unique to each
session, all network traffic is fully safeguarded—including all data values, SQL
statements, and stored procedure calls and results. The client, server, or both, can
request or require the use of the encryption module to guarantee that data is
protected. Oracle's optimized implementation provides a high degree of security for
a minimal performance penalty. For the RC4 algorithm, Oracle provides encryption
key lengths of 40-bits, 56-bits, 128-bits, and 256-bits.
DES Encryption Oracle Advanced Security implements the U.S. Data Encryption
Standard algorithm (DES) with a standard, optimized 56-bit key encryption
algorithm, and also provides DES40, a 40-bit version, for backward compatibility.
Triple-DES Encryption Oracle Advanced Security also supports Triple-DES encryption
(3DES), which encrypts message data with three passes of the DES algorithm. 3DES
provides a high degree of message security, but with a performance penalty. The
magnitude of penalty depends on the speed of the processor performing the
encryption. 3DES typically takes three times as long to encrypt a data block as
compared with the standard DES algorithm.
3DES is available in two-key and three-key versions, with effective key lengths of
112-bits and 168-bits, respectively. Both versions operate in outer
Chaining (CBC)
Advanced Encryption Standard Approved by the National Institute of Standards and
Technology (NIST) in Federal Information Processing Standards (FIPS) Publication
1-6 Oracle Database Advanced Security Administrator's Guide
The U.S. government has relaxed its export guidelines for
Note:
encryption products. Accordingly, Oracle can ship Oracle
Advanced Security with its strongest encryption features to all of its
customers.
mode.
Cipher Block
Advertisement
Chapters
Table of Contents
Troubleshooting
Need help?
Do you have a question about the Oracle Database B10772-01 and is the answer not in the manual?