Password vs. (password + symmetric key)

  • Question

  • Learning 101:

    I have been studying the Encryption Hierarchy in SQL 2008 BOL.

    Can I safely assume that encrypting data with both a password and symmetric key leads to harder to decrypt values than using a password alone?

    After all, why would so many paths to encrypt data be offered in the hierarchy if they were all equivalent security-wise? (By paths I mean "password alone", "password + symmetric key", "password + symmetric key + asymmetric key"...)

    Thursday, March 19, 2009 11:26 PM


  • Correct. When using the SYMMETRIC KEY protected by a password, the password is required but not sufficient to access the data; permission on the SYMMETRIC KEY (VIEW DEFINITION) is also required in order to be able to use the key and decrypt the data, and opening the SYMMETRIC KEY is an auditable operation in the system. When using a passphrase to protect the data, all that is required is to know the password.

      -Raul Garcia
       SQL Server Engine
    This posting is provided "AS IS" with no warranties, and confers no rights.
    Friday, March 20, 2009 1:53 AM
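
The difference described in the answer above, as an added T-SQL example that is not part of the original thread: one value is protected by a passphrase alone and the same value by a password-protected symmetric key, then each is read back by a user with and without permission on the key. The user names, key name, passwords and sample value are constructed; run it in a scratch database.

```sql
-- Setup (constructed names and secrets).
CREATE USER KeyReader WITHOUT LOGIN;   -- will hold permission on the key
CREATE USER NoKeyUser WITHOUT LOGIN;   -- will know the password only
CREATE SYMMETRIC KEY DemoKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY PASSWORD = 'Constructed-Key-Passw0rd!';
GRANT VIEW DEFINITION ON SYMMETRIC KEY::DemoKey TO KeyReader;
GO

DECLARE @plain nvarchar(100) = N'constructed sample value';

-- Path 1: passphrase alone. Anyone who knows the passphrase can decrypt.
DECLARE @byPhrase varbinary(8000) =
    EncryptByPassPhrase('Constructed-Passphrase-1!', @plain);

-- Path 2: symmetric key protected by a password.
DECLARE @byKey varbinary(8000);
OPEN SYMMETRIC KEY DemoKey DECRYPTION BY PASSWORD = 'Constructed-Key-Passw0rd!';
SET @byKey = EncryptByKey(Key_GUID('DemoKey'), @plain);
CLOSE SYMMETRIC KEY DemoKey;

-- NoKeyUser knows both secrets but has no permission on DemoKey.
EXECUTE AS USER = 'NoKeyUser';
SELECT CONVERT(nvarchar(100),
       DecryptByPassPhrase('Constructed-Passphrase-1!', @byPhrase)) AS PassphraseOnly;
BEGIN TRY
    -- The password is correct, but the key cannot be opened without permission on it.
    OPEN SYMMETRIC KEY DemoKey DECRYPTION BY PASSWORD = 'Constructed-Key-Passw0rd!';
    SELECT CONVERT(nvarchar(100), DecryptByKey(@byKey)) AS KeyProtected;
    CLOSE SYMMETRIC KEY DemoKey;
END TRY
BEGIN CATCH
    SELECT ERROR_NUMBER() AS ErrNumber, ERROR_MESSAGE() AS ErrMessage;
END CATCH;
REVERT;

-- KeyReader has VIEW DEFINITION on the key and the password: both are needed.
EXECUTE AS USER = 'KeyReader';
OPEN SYMMETRIC KEY DemoKey DECRYPTION BY PASSWORD = 'Constructed-Key-Passw0rd!';
SELECT CONVERT(nvarchar(100), DecryptByKey(@byKey)) AS KeyProtected;
CLOSE SYMMETRIC KEY DemoKey;
REVERT;
GO

-- Cleanup.
DROP SYMMETRIC KEY DemoKey;
DROP USER KeyReader;
DROP USER NoKeyUser;
```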