RavenDB Security Report: Inconsistent Use of KDF and Master Key

added by DotNetKicks
3/30/2018 1:30:02 PM

1 Kicks, 229 Views

This is all part of the notion of defense in depth. A database has the Master Encryption Key. This is the key that open all the gates, but we never actually use this key to encrypt anything. Instead, we use it to generate keys. This is what the KDF (Key Derivation Function) comes into play.