Why even strong crypto wouldn’t protect SSNs exposed in Anthem breach
Steve Bellovin explains:
Another day, another data breach, and another round of calls for companies to encrypt their databases. Cryptography is a powerful tool, but in cases like this, it’s not going to help. If your OS is secure, you don’t need the crypto; if it’s not, the crypto won’t protect your data.
In a case like the Anthem breach, the really sensitive databases are always in use. This means that they’re effectively decrypted: the database management systems (DBMS) are operating on cleartext, which means that the decryption key is present in RAM somewhere. It may be in the OS, it may be in the DBMS, or it may even be in the application itself (though that’s less likely if a large relational database is in use, which it probably is). What’s to stop an attacker from obtaining that key, or perhaps from just making database queries?
Read more on Ars Technica.