I posted a comment a while back, and thought I would turn it into a question.
Example: There is a feature in Microsoft SQL Server for full database encryption, which seems to have an option that does not require a password on reboot. I understand you can use DPAPI or EKM, but I am still unsure of the actual limitations of such a system.
I actually am not interested in the Microsoft SQL Server feature specifically, only in the limitations of a theoretical encryption scheme.
Question: Given a server that requires the encryption key to be recreatable without requiring a user to input a secret, how much of a barrier can be placed against the attacker?
I am aware of the following:
- Complexity (the attacker may not know how to decrypt without looking at my program's code)
- User Access barriers (the operating system may be able to store the information in such a way that the user accounts are unable to access without root)
Beyond that, I am lacking any concrete ideas:
If the attacker could read the disk, it seems you would have no protection (unless maybe you used special encryption hardware).
Finally, for the key to be stored on a different computer, again, I don't see how (assuming Complexity & Security through Obscurity is overcome) you could prevent that different computer from providing the necessary key to the attacker that has access to the server who normally is permitted.
So, any guidance on a typical encryption scheme would be appreciated, and what the limitations would normally be.
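The trade-off described in the question, as an added example that is not part of the original post: a key recreated at boot from a file on disk is guarded only by the operating system's access check, so any reader of the same bytes derives the same key. The function names, the `db-key|` label, the key file and the machine id are hypothetical, and HMAC-SHA256 stands in for a key-derivation step.

```python
import hashlib
import hmac
import os
import stat
import tempfile

class KeyFileError(Exception):
    """Raised when the stored secret is not protected as expected."""

def derive(secret, machine_id):
    # HMAC-SHA256 used as a simple KDF that binds the key to a machine id.
    return hmac.new(secret, b"db-key|" + machine_id, hashlib.sha256).digest()

def load_unattended_key(key_path, machine_id):
    """Recreate the data key at boot with no operator input."""
    st = os.stat(key_path)
    # The "user access barrier": owner-only file, owned by the service account.
    if st.st_uid != os.geteuid():
        raise KeyFileError("key file is not owned by the service account")
    if stat.S_IMODE(st.st_mode) & 0o077:
        raise KeyFileError("key file is readable by group or others")
    with open(key_path, "rb") as f:
        return derive(f.read(), machine_id)

def demo():
    """Constructed scenario; returns (refused_when_loose, reader_gets_same_key)."""
    machine_id = b"constructed-machine-id"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "db.key")
        with open(path, "wb") as f:
            f.write(os.urandom(32))  # constructed secret
        os.chmod(path, 0o644)        # loose permissions: loader must refuse
        try:
            load_unattended_key(path, machine_id)
            refused = False
        except KeyFileError:
            refused = True
        os.chmod(path, 0o600)
        service_key = load_unattended_key(path, machine_id)
        # Root, a backup or a disk image holds the same bytes and repeats
        # the derivation; nothing in the scheme distinguishes that reader.
        with open(path, "rb") as f:
            reader_key = derive(f.read(), machine_id)
        return refused, hmac.compare_digest(service_key, reader_key)
```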