Subject Re: [firebird-support] Encryption
Author Aage Johansen
Geoff Worboys wrote:
> Aage Johansen wrote:
> ...
>> For systems that just encrypt a selection of fields, what
>> happens with size of the fields? Is there a point in
> encrypting a char(11) field (maybe it's child's play to
>> decrypt them)?
>
> You have TrueCrypt (or whatever) mount the encrypted file as
> if it were a disk (drive X: or something - under NTFS you can
> even mount as part of a path). The operating system sees this
> mounted file as if it were a disk/volume.
>

From what I read about TrueCrypt I did not think it supported
encryption of specific fields. My concern here was with encryption
systems (facilities within the database server program) which might
provide such a thing. I think this - encryption of just some fields -
was mentioned as (part of) an acceptable solution in the regulations.

I think an encrypted volume (or part of a volume) would cover
reasonable requirements, but I'm not yet sure that the specific laws
and regulations will be satisfied.


Will caching (by the encryption system) break the protection that
Firebird's forced-write provides? E.g. will the sequence of pages
written to disk be altered?


> See their beginners tutorial:
> http://www.truecrypt.org/docs/?s=tutorial

I've looked at parts of the documentation.


> If these characteristics are not to your liking you could look
> at using the Windows supplied NTFS file system encryption. I
> have never used it but imagine that it can be made to do what
> you need - but I suggest you study it carefully first to make
> sure you do not use it in such a way that you will weaken the
> security. I imagine there must be articles around to help.

Windows NTFS file encryption seems to provide volume encryption (like
TrueCrypt). Which one is "best" I don't know. What little I read
about TrueCrypt looked quite good.


--
Aage J.