[Firebird-devel] [FB-Tracker] Created: (CORE-4996) Need some SECURITY.FDB --> SECURITY3.FDB upgrade feature

2015-11-08 Thread Vasily Ovchinnikov (JIRA)
Need some SECURITY.FDB --> SECURITY3.FDB upgrade feature Key: CORE-4996 URL: http://tracker.firebirdsql.org/browse/CORE-4996 Project: Firebird Core Issue Type: New Feature Co

Re: [Firebird-devel] Pull request fixed (explained plan xml format)

2015-11-08 Thread liviuslivius
>>But I don't think we should add a set (text for display, xml, json) of >>formats in the engine. That's client's job to parse and transform a >>standard format. >>Adriano You know we can resign from grouping on server side because it can be done on client side ;-) Features should be simple to us

Re: [Firebird-devel] Encrypt some more

2015-11-08 Thread Jim Starkey
On 11/8/2015 12:25 PM, Dimitry Sibiryakov wrote: > 08.11.2015 17:18, Jim Starkey wrote: >> Keep in mind that you will need to use something other than ECB mode. > Sure. But still there is a problem with first block and initialization > vector. That's > why I would like to have some place for a

Re: [Firebird-devel] Pull request fixed (explained plan xml format)

2015-11-08 Thread Adriano dos Santos Fernandes
Personally, I prefer much more XML than "another internal format just for display purposes". But I don't think we should add a set (text for display, xml, json) of formats in the engine. That's client's job to parse and transform a standard format. Adriano Em 08/11/2015 13:05, liviuslivius esc

Re: [Firebird-devel] Security problem with encrypted databases

2015-11-08 Thread Dimitry Sibiryakov
08.11.2015 18:55, Vlad Khorsun wrote: >> One problem: crypto-plugin has no idea which database it works with. >> And no interface >> >to find it out at hand. All it has is an array of bytes to decrypt and a >> >key got from a >> >holder. > It have key name, IIRC Crypto-plugin provide

Re: [Firebird-devel] Security problem with encrypted databases

2015-11-08 Thread Vlad Khorsun
08.11.2015 19:43, Dimitry Sibiryakov wrote: > 08.11.2015 18:31, Vlad Khorsun wrote: >> I have correct encryption key when user first encrypt database. It is >> possible to encrypt >> something known to the engine by this key and store somewhere. Next time >> this encrypted data >> could be u

Re: [Firebird-devel] Security problem with encrypted databases

2015-11-08 Thread Dimitry Sibiryakov
08.11.2015 18:31, Vlad Khorsun wrote: > I have correct encryption key when user first encrypt database. It is > possible to encrypt > something known to the engine by this key and store somewhere. Next time this > encrypted data > could be used to verify user-supplied key. > > BTW, this a

Re: [Firebird-devel] Security problem with encrypted databases

2015-11-08 Thread Vlad Khorsun
08.11.2015 19:13, Dimitry Sibiryakov wrote: > 08.11.2015 18:11, Vlad Khorsun wrote: >> 08.11.2015 17:01, Dimitry Sibiryakov wrote: 08.11.2015 15:53, Vlad Khorsun wrote: >> Only reliable way to validate encryption key is to use it in >> encryption, for example: >> encrypt som

Re: [Firebird-devel] Encrypt some more

2015-11-08 Thread Dimitry Sibiryakov
08.11.2015 17:18, Jim Starkey wrote: > Keep in mind that you will need to use something other than ECB mode. Sure. But still there is a problem with first block and initialization vector. That's why I would like to have some place for a random salt. But if everybody think that it is a stupi

Re: [Firebird-devel] Security problem with encrypted databases

2015-11-08 Thread Dimitry Sibiryakov
08.11.2015 18:11, Vlad Khorsun wrote: > 08.11.2015 17:01, Dimitry Sibiryakov wrote: >> >08.11.2015 15:53, Vlad Khorsun wrote: >>> >> Only reliable way to validate encryption key is to use it in >>> >> encryption, for example: >>> >>encrypt something using correct key and decrypt using key to

Re: [Firebird-devel] Security problem with encrypted databases

2015-11-08 Thread Vlad Khorsun
08.11.2015 17:01, Dimitry Sibiryakov wrote: > 08.11.2015 15:53, Vlad Khorsun wrote: >> Only reliable way to validate encryption key is to use it in >> encryption, for example: >> encrypt something using correct key and decrypt using key to validate and >> compare results. > > It is nice,

Re: [Firebird-devel] Encrypt some more

2015-11-08 Thread Jim Starkey
On 11/8/2015 7:14 AM, Dimitry Sibiryakov wrote: > 08.11.2015 12:34, James Starkey wrote: >> Or have I missed something? > RC4 is a stream cipher. For data pages it works much worse. > Hardware-accelerated AES is an interesting idea, thanks. > You're absolutely right about stream ciphers for

Re: [Firebird-devel] Pull request fixed (explained plan xml format)

2015-11-08 Thread liviuslivius
Hi, > > Why XML? JSON representation is more compact. I started with xml because most RDBMS have it and it is simple to analyze. In the next step I can prepare JSON format but first this pull request must be analyzed by fb developers if it is acceptable regards, Karol Bieniaszewski

Re: [Firebird-devel] Pull request fixed (explained plan xml format)

2015-11-08 Thread Dimitry Sibiryakov
08.11.2015 16:52, Simonov Denis wrote: > Why XML? JSON representation is more compact. If there is no application ready to parse and interpret such formats for a user, /dev/nul wins. -- WBR, SD.

Re: [Firebird-devel] Pull request fixed (explained plan xml format)

2015-11-08 Thread Simonov Denis
liviuslivius wrote Sun, 08 Nov 2015 18:05:34 +0300: > Hi, > ignore my prev post - I made one error there > this is my first pull request and I do not know how to do it right > I have finished work on explained plan in xml format > I have worked on FB3RC1 svn repository (revision 62517) > here is

[Firebird-devel] Pull request fixed (explained plan xml format)

2015-11-08 Thread liviuslivius
Hi, ignore my prev post - I made one error there. This is my first pull request and I do not know how to do it right. I have finished work on explained plan in xml format. I have worked on FB3RC1 svn repository (revision 62517). Here is link to patch generated from svn; if there is better place to uplo

Re: [Firebird-devel] Security problem with encrypted databases

2015-11-08 Thread Dimitry Sibiryakov
08.11.2015 15:53, Vlad Khorsun wrote: > Only reliable way to validate encryption key is to use it in encryption, > for example: > encrypt something using correct key and decrypt using key to validate and > compare results. It is nice, but if you have a correct key and an user provided key

[Firebird-devel] Pull request (explained plan xml format)

2015-11-08 Thread liviuslivius
Hi, this is my first pull request and I do not know how to do it right. I have finished work on explained plan in xml format. I have worked on FB3RC1 svn repository (revision 62517). Here is link to patch generated from svn; if there is better place to upload it then inform me http://s000.tinyupload.c

Re: [Firebird-devel] Security problem with encrypted databases

2015-11-08 Thread Vlad Khorsun
08.11.2015 13:03, Dimitry Sibiryakov wrote: > 08.11.2015 11:58, Vlad Khorsun wrote: >> Are you going to say that encryption is useless if algorithm is known ? > > No. How did you read that? Only reliable way to validate encryption key is to use it in encryption, for example: encrypt

Re: [Firebird-devel] Encrypt some more

2015-11-08 Thread Dimitry Sibiryakov
08.11.2015 12:34, James Starkey wrote: > Or have I missed something? RC4 is a stream cipher. For data pages it works much worse. Hardware-accelerated AES is an interesting idea, thanks. -- WBR, SD.

Re: [Firebird-devel] Encrypt some more

2015-11-08 Thread James Starkey
On Sunday, November 8, 2015, Dimitry Sibiryakov wrote: > 08.11.2015 12:08, Vlad Khorsun wrote: > . > >Faster cryptoalgorithms are vulnerable to attack by known text. To make > analysis > harder, some random salt used to be appended in the beginning. > > Really? Can you give an example of a

Re: [Firebird-devel] Encrypt some more

2015-11-08 Thread Dimitry Sibiryakov
08.11.2015 12:08, Vlad Khorsun wrote: > Looks like you have questionable (or wrong) design in mind and going to > force it to us. Nope. Since I have my playground named Avalerion, I have no will to force anything to you. > More details could help to understand you. Faster cryptoalgor

Re: [Firebird-devel] Encrypt some more

2015-11-08 Thread Vlad Khorsun
07.11.2015 16:54, Dimitry Sibiryakov wrote: > 07.11.2015 15:49, Vlad Khorsun wrote: >>> Is it too late to include most of page header into encrypted part of >>> a page, leaving unencrypted only page type and flags? >> For what ? IIRC, pag_scn and pag_pageno is required for physical

Re: [Firebird-devel] Security problem with encrypted databases

2015-11-08 Thread Dimitry Sibiryakov
08.11.2015 11:58, Vlad Khorsun wrote: > Are you going to say that encryption is useless if algorithm is known ? No. How did you read that? >> > I'd suggest to reserve last four bytes on every page and put CRC32 >> > checksum there. This >> >way we can be protected from both wrong decr

Re: [Firebird-devel] Security problem with encrypted databases

2015-11-08 Thread Vlad Khorsun
07.11.2015 17:11, Dimitry Sibiryakov wrote: > 07.11.2015 15:57, Vlad Khorsun wrote: >> I'd say it will be good to have ability to validate encryption key when >> it is passed into the engine. I.e. not at every page read > > Say, a malefactor has algorithm, but not a key (which is usual sit

[Firebird-devel] CLOOP and multiple inheritance

2015-11-08 Thread Dimitry Sibiryakov
Hello, All. Key holder example can be made much simpler and readable if using multiple inheritance. With ordinary classes I would do it this way: class CryptKeyHolder: public IKeyHolderPlugin, public ICryptKeyCallback Is it possible with CLOOP templates? -- WBR, SD.

Re: [Firebird-devel] Sending db encryption key from application

2015-11-08 Thread Dimitry Sibiryakov
06.11.2015 16:04, Alex Peshkoff wrote: > On 11/06/2015 05:59 PM, Dimitry Sibiryakov wrote: >> Example application works for embedded database access, but not for >> remote. Is it as >> expected? > > It worked for me in remote connections when I was checking it. Will > recheck in the beginning