I am looking into MS SQL 2005 encryption (not 2008, so TDE is out), and I believe I understand the concept of how a column is encrypted. The OS uses the service credentials to encrypt the service master key, which is used to encrypt the database master key (which I create using a password), and then the database master key is used for a certificate and then a symmetric key.
So, I see how an application or user needs to be able to use this cert in order to decrypt the data. However, I am wondering what kinds of attacks are possible on this setup.
If someone was able to access the MDF/LDF files for the database, they would have access to the master key. Would this not be a problem because the master key is encrypted with a strong password?
How about the case where someone has the whole server? Would the encryption scheme be protected because the service accounts' credentials that SQL runs under would be necessary to extract anything, which, again, are protected by a strong password?
My impression is that even with complete physical access, the only types of attacks would be brute force on either the service user credentials, or the master key password. Am I correct in thinking this, or am I missing something?
At the highest level, SQL Server is secured by Windows' Data Protection API, so, in theory, yeah, I think you're thinking along the right lines.
Citation
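The key hierarchy discussed in this thread, written out as T-SQL for SQL Server 2005 together with the catalog queries that show which protections each key actually has. This is an added example, not code from either poster; the object names (`CardCert`, `CardKey`, `dbo.CustomerDemo`), the password and the sample value are placeholders.

```sql
-- Added example: all names, the password and the data are constructed.

-- 1. Database master key (DMK), protected by a password. On creation SQL
--    Server also stores a copy encrypted by the service master key (SMK),
--    which is what lets the engine open the DMK without the password.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong-password-placeholder>';

-- 2. Certificate whose private key is protected by the DMK.
CREATE CERTIFICATE CardCert WITH SUBJECT = 'Column encryption (example)';

-- 3. Symmetric key protected by the certificate.
CREATE SYMMETRIC KEY CardKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE CardCert;

-- 4. Encrypt and decrypt one column value with the symmetric key.
CREATE TABLE dbo.CustomerDemo (
    Id        int IDENTITY PRIMARY KEY,
    CardNoEnc varbinary(256)
);

OPEN SYMMETRIC KEY CardKey DECRYPTION BY CERTIFICATE CardCert;
INSERT INTO dbo.CustomerDemo (CardNoEnc)
VALUES (EncryptByKey(Key_GUID('CardKey'), N'0000-0000-0000-0000'));
SELECT Id, CONVERT(nvarchar(40), DecryptByKey(CardNoEnc)) AS CardNo
FROM dbo.CustomerDemo;
CLOSE SYMMETRIC KEY CardKey;

-- 5. Audit: is the DMK also openable through the SMK, and how is each
--    symmetric key (the DMK included) protected?
SELECT name, is_master_key_encrypted_by_server
FROM sys.databases
WHERE name = DB_NAME();

SELECT sk.name, ke.crypt_type_desc
FROM sys.symmetric_keys AS sk
JOIN sys.key_encryptions AS ke ON ke.key_id = sk.key_id;

-- 6. Optional hardening: drop the SMK-encrypted copy so the DMK can only
--    be opened with its password. Every session must then open it
--    explicitly before the certificate or symmetric key can be used.
ALTER MASTER KEY DROP ENCRYPTION BY SERVICE MASTER KEY;
OPEN MASTER KEY DECRYPTION BY PASSWORD = '<strong-password-placeholder>';
```

With the default from step 1 left in place, the password is not the only route to the DMK, so the audit queries in step 5 are the quickest way to see which protections a given database really depends on.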