Alexander Kornbrust: Circumvent Oracle's Database Encryption and Reverse Engineering of Oracle Key Management Algorithms
Episode Synopsis
This talk describes architectural flaws in Oracle's database encryption packages dbms_crypto and dbms_obfuscation_toolkit. These packages are used to encrypt sensitive information in the database. A hacker can intercept the encryption key and use it to decrypt sensitive information such as clinical data, company secrets or credit card information. Even if a flexible key management algorithm (every row has its own key) is in use, it is possible to reverse engineer this algorithm quite quickly.
A basic knowledge of Oracle databases (PL/SQL) is recommended.
Alexander Kornbrust is the founder and CEO of Red-Database-Security GmbH, a company specialised in Oracle security. He is responsible for Oracle security audits and Oracle Anti-hacker trainings. Before that he worked for several years as a consultant for Oracle Germany, Oracle Switzerland and IBM Global Services.
Alexander Kornbrust has been working with Oracle products as a DBA and developer since 1992. During the last 5 years he found over 100 security bugs in different Oracle products.
Publications and further information can be found at: http://www.red-database-security.com
Part of the podcast Black Hat Briefings, Las Vegas 2005 [Video]: presentations from the security conference.