April 26, 2017 at 10:59 pm
Comments posted to this topic are about the item Encrypting the data
April 27, 2017 at 4:53 am
The correct answer is not provided in the possible options.
According to the link provided as proof of the answer, it expressly indicates that the "CORRECT" answer is not valid for SQL 2016, as part of that answer has been depricated
WITH ALGORITHM = (OBFUSCATED so as not to give the answer away)
Specifies the encryption algorithm that is used for the encryption key.Note
Beginning with SQL Server 2016, all algorithms other than (OBFUSCATED) are deprecated.
April 27, 2017 at 4:55 am
It should be noted that:
Beginning with SQL Server 2016, all algorithms other than AES_128, AES_192, and AES_256 are deprecated. To use older algorithms (not recommended) you must set the database to database compatibility level 120 or lower.
per
https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/choose-an-encryption-algorithm
April 27, 2017 at 6:03 am
SQL Server allows administrators and developers to choose from among several algorithms, including DES, Triple DES, TRIPLE_DES_3KEY, RC2, RC4, 128-bit RC4, DESX, 128-bit AES, 192-bit AES, and 256-bit AES.
April 27, 2017 at 6:51 am
The answer is AES_128 | AES_192 | AES_256 ONLY for 2016. To use the Triple_Des you have to drop the compatibility level of the database below the 2016 (130) version. You STATED that you are CREATING the key in 2016 with NO STATEMENT of a lower compatibility level. 130 is the level for 2016 and does not support Triple_Des. Please validate your answer choices against your question or provide the information necessary to arrive at the PROPER conclusion. The ONLY way we would know the level was NOT 130 is if you told us that. π
April 27, 2017 at 8:07 am
Thanks Steve for this question. Intuitively, I translate the question as follows: "Which types of algorithms can be entered for argument WITH ALGORITHM =", and this without further context.
More interesting would be if among the answers was this another: AES (128, 192, 256). π
April 27, 2017 at 9:46 am
I understand your complaints. However, despite deprecation, I can use Triple DES as a choice for the DEK. It's valid on a SQL Server 2016 instance. There's nothing in the question about compatibility level for the database. A database on a SQL Server 2016 instance is not required to be on any particular level.
I'm not sure I think that I need to specify the compatibility level for every database as well, but maybe that's the case. I would say that you're making a leap about what options are valid on SQL 2016 and extending that to assume the database is always at the level of the instance.
April 27, 2017 at 9:52 am
Steve Jones - SSC Editor - Thursday, April 27, 2017 9:46 AMI understand your complaints. However, despite deprecation, I can use Triple DES as a choice for the DEK. It's valid on a SQL Server 2016 instance. There's nothing in the question about compatibility level for the database. A database on a SQL Server 2016 instance is not required to be on any particular level.I'm not sure I think that I need to specify the compatibility level for every database as well, but maybe that's the case. I would say that you're making a leap about what options are valid on SQL 2016 and extending that to assume the database is always at the level of the instance.
I was just pointing out that in this instance it is pertinent information. The real question is why would you ever want to be on a 2016 server and not use 130? It's rhetorical BTW. π
Peace my friend.
April 27, 2017 at 12:41 pm
Plenty of reasons. You might have code that violates a 2016 keyword. You might have upgraded and forgotten to change the level, but things work fine.
April 27, 2017 at 11:46 pm
Nice one, thanks Steve.
i didn't realise that Triple-DES was deprecated.
Fortunately, only one of our db's have been set up to use it. In the process of changing that right now
____________________________________________
Space, the final frontier? not any more...
All limits henceforth are self-imposed.
βlibera tute vulgaris exβ
April 28, 2017 at 12:11 am
Steve Jones - SSC Editor - Thursday, April 27, 2017 9:46 AMI understand your complaints. However, despite deprecation, I can use Triple DES as a choice for the DEK. It's valid on a SQL Server 2016 instance. There's nothing in the question about compatibility level for the database. A database on a SQL Server 2016 instance is not required to be on any particular level.I'm not sure I think that I need to specify the compatibility level for every database as well, but maybe that's the case. I would say that you're making a leap about what options are valid on SQL 2016 and extending that to assume the database is always at the level of the instance.
I agree with Steve on this. On the instances I have had the joy to administer over the years, compatibility level lower than the instance version number is more a rule than an exception, because most companies try to consolidate databases. 3rd party systems most often don't support the latest Sql Server version.
Sql Server blog: http://www.tsql.nu
April 28, 2017 at 9:57 pm
Stewart "Arturius" Campbell - Thursday, April 27, 2017 11:46 PMNice one, thanks Steve.
i didn't realise that Triple-DES was deprecated.
Fortunately, only one of our db's have been set up to use it. In the process of changing that right now
Me either. Thanks, Steve, for another question where I got to learn something new.
May 1, 2017 at 1:42 pm
Heh.... I just scribble over the data with two different ball point pens. π
--Jeff Moden
Change is inevitable... Change for the better is not.
May 2, 2017 at 6:00 am
Jeff Moden - Monday, May 1, 2017 1:42 PMHeh.... I just scribble over the data with two different ball point pens. π
And if you make a mistake, you can use white-out on the screen to fix it. π
Viewing 14 posts - 1 through 13 (of 13 total)
You must be logged in to reply to this topic. Login to reply