Table A: What is the overhead associated with TDE?
TDE tablespace encryption (Oracle Database 11g) TDE column encryption (Oracle Database 10gR2, Oracle Database 11g) Storage No additional storage overhead. Storage overhead associated with TDE column encryption is between 1 and 52 bytes for each encrypted value: • Padding to the next 16 byte (for AES; with 3DES168, to the next 8 bytes). When a value required 9 bytes of storage, encrypting this value would require an additional 7 bytes of storage. This is mandatory. • Optional: 20 byte integrity check • Optional: If ‘SALT’ is specified on the encrypted value, an additional 16 bytes is required These numbers are important for storage planning, but the DBAs or developers don’t have to manually expand the columns for TDE column encryption; the expansion is done transparently by TDE when a column is marked ‘encrypted’. Users can reduce the amount of additional storage by choosing the ‘no salt’ option (16 byte saved), and/or the new ‘nomac’ option (available from 10.2.0.4 and 11.1.0.7), which
TDE tablespace encryption (Oracle Database 11g) TDE column encryption (Oracle Database 10gR2, Oracle Database 11g) Storage No additional storage overhead. Storage overhead associated with TDE column encryption is between 1 and 52 bytes for each encrypted value: • Mandatory: Padding to the next 16 byte (for AES; with 3DES168, to the next 8 bytes). When a value required 9 bytes of storage, encrypting this value requires an additional 7 bytes of storage. • Optional: Additional 20 byte integrity check • Optional: If ‘SALT’ is specified on the encrypted column, an additional 16 bytes per value is required These numbers are important for storage planning, but DBAs or developers don’t have to manually expand the columns for TDE column encryption; the expansion is done transparently by TDE when a column is marked ‘encrypted’. Users can reduce the amount of additional storage by choosing the ‘no salt’ option (16 byte saved), and/or the ‘nomac’ option (available from 10.2.0.4, 11.1.0.7 and Oracl
