On Mon, 2005-08-22 at 17:19 -0400, Mike Shaver wrote: > On 8/22/05, Edwin Knoppert <[EMAIL PROTECTED]> wrote: > > Hmm, but every known file format has an header. > > Sqlite has a string, not really a header as it seems. > > Maybe for v4 to implement a real header (if not yet) > > A header doesn't need to be encrypted. > > (A bit for testing if it's encrypted might have it use as well) > > In fact, I was wondering about this very issue when I was working on > my own encryption layer for Mozilla's storage use. Does the reliable > format of the first page (known sqlite header string, various other > fields that are very likely to be zero or in some way related to the > size of the DB file) not make known-plaintext attacks on the encrypted > database much easier?
The key schedule is perturbed by a randomly chosen nonce that is added to each page. The size of the nonce is selectable when the database is created and defaults to 4 bytes. This makes an encrypted database about 0.4% larger than an unencrypted database (since the nonce has to be stored, thus reducing the space available to store real data) but it also make known or chosen plaintext attacks considerably more difficult. -- D. Richard Hipp <[EMAIL PROTECTED]>
