3 Replies Latest reply: Apr 2, 2013 4:39 AM by InquisitiveDBA RSS

    Fastest Encryption Option for TDE

      I understand that in order to get minimal "downtime" or "performance slowdown" while performing column encrytion using Transparent Data Encryption (TDE) i have the option to do Online Table Redifinition. I am considering this option but I would also like to know the fastest way to encrypt data in terms of options that I have. Is it by using:
      AES192 or
      AES128 or
      AES256 or

      Using SALT or NO SALT?

        • 1. Re: Fastest Encryption Option for TDE
          Harm Joris ten Napel-Oracle
          Hi ,

          at any rate try to use one of the AES flavors, DES is old hat, the AES128 is 'cheapest' in terms of performance since computational overhead increases
          with key lenght, this is a tradeoff you need to decide based on requirements (the sensitivity of the data), also with AES you may have the chance to
          benefit from hardware acceleration in both Intel core and Oracle SPARC processors, please check :

          note 1365021.1 How To Benefit From Hardware Acceleration for Tablespace Encryption?

          A SALT will also cause more overhead both in computation and storage, since it makes the values that need to be encrypted a bit longer,


          Harm ten Napel

          Edited by: hnapel on Mar 26, 2013 3:11 AM
          • 2. Re: Fastest Encryption Option for TDE
            Zoran Pavlovic
            Cheapest method here is to use AES128 NO SALT NOMAC (MAC is used to ensure integrity of data, and requires more resources and more storage).

            You should use SALT only if you have repeating values in same table, to ensure uniqueness when they are encrypted.

            - Zoran
            • 3. Re: Fastest Encryption Option for TDE
              I am simulating the task in our test server (with the same specs are the production server).

              I am encrypting a single column in a table. The details are shown below:

              Table Name: CUSTOMERS
              Column Name: customer_id [ datatype is NUMBER(6) ]
              Column Attribute: Primary Key
              Table Size: approx 2 GB (not partitioned)
              Row count: 30 million

              SQL> alter table sales.CUSTOMERS modify ("CUSTOMER_ID" encrypt using 'AES128' NO SALT);

              And it took 6 hours to complete!!!

              And we have to encrypt a lot of columns. It is not easy to do a Online table redefinition as there are other tables from the same database and other databases who reference the table.

              I haven't explored moving the table in an encrypted tablespace but I will try it later.

              Any ideas on my first issue? Encryption process is really slow. :(