Operating System - HP-UX
1748156 Members
3937 Online
108758 Solutions
New Discussion юеВ

Time to decrypt an encrypted field

 
ckchoi
Advisor

Time to decrypt an encrypted field

For Oracle 10gR2 TDE, where can I found:
1. the time required to encrypt a field?
2. the time required to decrypt a field?

Thanks.
6 REPLIES 6
Peter Godron
Honored Contributor

Re: Time to decrypt an encrypted field

Hi,
I can't find any figures provided by Oracle.
But as the tables and indexes are encrypted, no real impact on the application level should be seen. See Metalink Doc. 317311.1

Somebody posted that it took 90 minutes to encrypt a table of 27 million rows, but does not state platform or machine spec.
Hein van den Heuvel
Honored Contributor

Re: Time to decrypt an encrypted field

'It depends'

It depends on the columns size, encryption key length chosen, cpu speed, cpu family, memory speed, and perhaps most importantly the infrastructure chosen to make the encrypted fields transparant to legitimate end users. Will you store the encrypted column in the base table, or or use a view to join it in? Will you use triggers to encrypt the data?

There was an article in the Oracle Magazine a year ago which provided a good intro:
http://www.oracle.com/technology/oramag/oracle/05-jan/o15security.html
Google will find lots of other reading on the matter.

Noone will be able to answer the specific generic question.

Best you can do is to run your own simplified benchmark. As simple as possible... but no simpler to store at least a million values plain, and a million encrypted. Next retrieve that data a million time plain, and a million time thrhough the anticipate decryption steps... all of them. That is, if the encrypted data gets to live in its own table, then the extra join should be counted towards the price of the decryption in my opinion.
Now compare the wallclock and cpu time and optionally divide by a million.

The encryption of a single field here and there will not be measurable. But [en|de]crypting lots of columns for lots of concurrent users may bring an alread oveerly busy system to its knees. It depends... and only you know the circumstances wll enough to decided what matters, what not.

In the mean time you may choose to settle for a coars approximation lik e Peter offers, knowing your number could be up to a factor 10 better or worse (cpu speed alone could give 2x or 5x), but not a factor 100.

Hope this helps some,
Hein.



ckchoi
Advisor

Re: Time to decrypt an encrypted field

Thanks.

But how can I refer Metalink Doc. 317311.1?
Peter Godron
Honored Contributor

Re: Time to decrypt an encrypted field

Hi,
if you are going to be responsible for Oracle task, I would recommend you register for an account at
https://metalink.oracle.com/

Once you have your account use the search for DOC-ID option.
ckchoi
Advisor

Re: Time to decrypt an encrypted field

Thanks for your details.

All I need to do is to select a group of records in the database (maximum around 30,000 records, with some of the columns encrypted). Then I need to decrypt such columns one-by-one for manipulations (I think it needs maximum 30,000 decryptions).

AES, 128-bit key will be used for encryption/decryption.

ckchoi
Advisor

Re: Time to decrypt an encrypted field

Actually, I'm not responsible for Oracle task but need to evaluate the performance impact of decrypting some encrypted data.

If you don't mind, would you please share the document with me by dropping me an email?