Database encryption can be broken.
According to security expert Alexander Kornbrust, Oracle’s standard encryption mechanism can be easily circumvented. Korbrust intends to give a presentation later this week at the Black Hat 2005 security conference demonstrating how Oracle’s encryption can be broken.
“A lot of people think that if they use this DBMS Crypto, a hacker is not able to decrypt the data, but I found a way to get the keys,” said Kornbrust. “If a hacker breaks into your database, he’s able to retrieve all of the sensitive information like credit card numbers.” read article.