| Subject | Re: [firebird-support] Encryption |
|---|---|
| Author | Milan Babuskov |
| Post date | 2009-06-22T09:49:32Z |
Aage Johansen wrote:
Encryption/decryption is done by the CPU, while disk I/O is mostly the
same. I don't use TrueCrypt, but I do use dm-crypt which is built in
Linux 2.6 kernel.
So, if you use Linux as your database server, you really don't have to
install anything. Just use Linux native device-mapper and encrypt the
entire partition. This takes care of "someone getting access to the hard
disk" problem. Of course, while system is running the file is completely
readable, so one should use other security measures (filesystem and user
privileges, GRANTs in Firebird database, etc.) to protect it.
From what I've seen so far (during bulk inserts and other I/O intensive
operations), the performance has degraded about 5%.
disk partitions. The size difference is almost none. Here are the stats
for one of partitions on my disk:
Size of disk partition in bytes: 68364607
Size of encrypted partition in bytes: 67290544
So, I lost about 100MB on a 6GB volume. This is about 1.6%.
HTH
--
Milan Babuskov
http://www.flamerobin.org
http://www.guacosoft.com
> > . TrueCryptIn most cases the bottleneck with databases is disk I/O, not the CPU.
> > http://www.truecrypt.org/
>
> Could you say something about "performance penalty", if any?
Encryption/decryption is done by the CPU, while disk I/O is mostly the
same. I don't use TrueCrypt, but I do use dm-crypt which is built in
Linux 2.6 kernel.
So, if you use Linux as your database server, you really don't have to
install anything. Just use Linux native device-mapper and encrypt the
entire partition. This takes care of "someone getting access to the hard
disk" problem. Of course, while system is running the file is completely
readable, so one should use other security measures (filesystem and user
privileges, GRANTs in Firebird database, etc.) to protect it.
From what I've seen so far (during bulk inserts and other I/O intensive
operations), the performance has degraded about 5%.
> How do the sizes of encrypted and unencrypted files compare?This type of encryption does not encrypt separate files, but entire hard
disk partitions. The size difference is almost none. Here are the stats
for one of partitions on my disk:
Size of disk partition in bytes: 68364607
Size of encrypted partition in bytes: 67290544
So, I lost about 100MB on a 6GB volume. This is about 1.6%.
HTH
--
Milan Babuskov
http://www.flamerobin.org
http://www.guacosoft.com