"Will Rutherdale (rutherw)" <rutherw@xxxxxxxxx> wrote: > > Couldn't you just add a PGP based column (or similar encryption > protocol) for authentication? This would protect you against injection > attacks, would it not? > > You could also use PGP or similar for key management if I'm not > mistaken. Thanks for the input, Will. We're already doing this, the problem we've had is that the time to decrypt the data is making access too slow. Basically, people administrators need to be able to say, "show me all the registrants whose personal medical information is x" and get results in a reasonable amount of time. Decrypting the data to do the matching is about 100x slower than a typical seq scan. To give you an idea of what we've tried, I've tried pgcrypto, openssl with rc4, des and 3des, using envelope encryption, and raw aes-128 symmetrical encryption. In addition, we've purchased two different hardware accelerators for crypto to find that both of them are slower than the CPU itself, and they're both the high-end "enterprise" class cards. -- Bill Moran http://www.potentialtech.com -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
