What are implications for changing encryption from TRIPLE_DES to AES_128?

Question

As title asks, what are implications for changing encryption from TRIPLE_DES to AES_128?

I have an older database I've been tasked with hardening, and I need to updated the algorithm used for encryption on it.

Running this query:

SELECT name, key_length, algorithm_desc, create_date, modify_date FROM sys.symmetric_keys;

returns a result with theh name: ##MS_ServiceMasterKey##, using the TRIPLE_DES algorithm.

I didn't find any asymmetric keys used any of the database on this server.

Thanks for any help!

Answer 1

As title asks, what are implications for changing encryption from TRIPLE_DES to AES_128?

The title is actually quite misleading. Changing from a symmetric to asymmetric key in of itself doesn't change too much, potentially the amount of processing power in order to encrypt or decrypt the key and associated data.

... returns a result with theh name: ##MS_ServiceMasterKey##, using the TRIPLE_DES algorithm.

This is a the SMK or Service Master Key for the instance and can't have the algorithm type changed. This is where the additional context is key, because currently there isn't anything you can do to change it except upgrade to a newer version. You're using sql-server-2008 which has about 9 months of extended support left (July 2019) and is over a decade old - in terms of cryptography that's quite the lifetime. Newer versions of SQL Server, starting with 2012 use AES for the Service Master Key (SMK).

I need to updated the algorithm used for encryption on it.

Your only option, in this case, is to upgrade to something made in this decade (2012+).