On Fri, 2005-08-26 at 12:53 -0400, Griggs, Donald wrote:
> Regarding Mrs. Brisby's ending comment:
> "A better defense: use a different key each time. Encrypt the session key
> separately."
>
> I may be way off in asking this, but:
> Since we're talking about the encryption of data at rest, and aren't in a
> client-server situation, how could sqlite make session keys work? What
> would constitute a session?
The lifetime of the session is the time between encrypting the data and
decrypting it. It doesn't have to be online.

PGP (for example) encrypts the message using symmetric ciphers (like RC4 or
Blowfish) using a completely random key. It then encrypts the key using the
public-key algorithms desired (RSA, DSA) and writes the encrypted key. This
works because the receiver decrypts the encrypted random key and uses it to
decode the rest of the message. It has some fantastic benefits:

1. Asymmetric ciphers are slow; this is certainly much faster.
2. If any information is leaked about the "real key", it's very little.
   Often very few bits of the real key are needed.
3. Brute-force attacks on the message will yield the session key, but
   brute-force attacks on the encrypted session key won't yield enough
   information to reconstruct the key.

This is similar to how SSL works as well, although the exchange is done
"online" - which is probably why you're confused about it. This is almost
certainly what people are talking about when they refer to session keys.

With some ciphers (like RC4), the session key can be obtained through other
means. Because RC4's encryption/decryption routine permutes the keyspace,
encrypting _anything_ causes permutations to occur. But because those
permutations are wildly predictable (at first), many people discard the
beginning of the RC4 keystream.

I disagree with this. I suggest taking some random junk and encrypting it.
Throw away the result. This permutes the keystream faster, and it means that
no plaintext is encrypted twice accidentally. The random junk isn't secret.
You can store it at the head of your ciphertext.

This "random junk" is often called an initialization vector, and is a common
way to reuse keys with more safety. This "IV" and "key" combination is often
considered "the session key".
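The PGP-style arrangement the reply describes (fresh random session key per message, message encrypted under it, session key wrapped with the recipient's public key, IV stored in the clear at the head of the ciphertext) as a worked example. This is an added illustration, not code from the thread, from PGP or from SQLite. It uses only Go's standard library; AES-256-GCM stands in for the RC4/Blowfish of the post and RSA-OAEP for the public-key wrap, and the Envelope layout, the function names and the sample "page" are assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is an assumed at-rest layout: everything a reader needs except the
// recipient's private key. Only WrappedKey carries a secret; Nonce is the
// "random junk" the post describes, stored in the clear ahead of the body.
type Envelope struct {
	WrappedKey []byte // per-message AES key, encrypted with RSA-OAEP
	Nonce      []byte // fresh 96-bit GCM nonce, not secret
	Ciphertext []byte // AES-256-GCM output with the auth tag appended
}

// GenerateRecipientKey makes the long-lived key pair. Seal only ever needs
// the public half, so the encrypting side holds no long-term secret.
func GenerateRecipientKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Seal draws a brand-new 256-bit session key, encrypts plaintext under it with
// a fresh nonce, then wraps the session key with the recipient's public key.
// The session key exists in the clear only inside this function.
func Seal(pub *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	sessionKey := make([]byte, 32)
	if _, err := rand.Read(sessionKey); err != nil {
		return nil, err
	}
	aead, err := newAEAD(sessionKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ciphertext := aead.Seal(nil, nonce, plaintext, nil)

	// The slow public-key operation touches 32 bytes, not the whole message.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ciphertext}, nil
}

// Open reverses Seal: unwrap the session key with the private key, then
// decrypt and authenticate the body. Any change to the body fails here.
func Open(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	aead, err := newAEAD(sessionKey)
	if err != nil {
		return nil, err
	}
	if len(env.Nonce) != aead.NonceSize() {
		return nil, errors.New("envelope: bad nonce length")
	}
	return aead.Open(nil, env.Nonce, env.Ciphertext, nil)
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	priv, err := GenerateRecipientKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample plaintext standing in for a database page.
	page := []byte("INSERT INTO accounts VALUES ('alice', 'hunter2');")

	a, _ := Seal(&priv.PublicKey, page)
	b, _ := Seal(&priv.PublicKey, page)
	// Same plaintext sealed twice: different key, nonce and ciphertext.
	fmt.Printf("ciphertexts equal: %v\n", string(a.Ciphertext) == string(b.Ciphertext))

	if pt, err := Open(priv, a); err == nil {
		fmt.Printf("recovered: %s\n", pt)
	}
	a.Ciphertext[len(a.Ciphertext)-1] ^= 0x01 // flip one bit of the auth tag
	_, err = Open(priv, a)
	fmt.Printf("tampered envelope rejected: %v\n", err != nil)
}
```

Two points worth noticing when reading this against the post. First, the "session" here is exactly the interval between Seal and Open, with no connection between the parties; nothing about the scheme requires being online. Second, GCM, unlike the RC4 keystream discussion in the post, is unsafe if a (key, nonce) pair is ever reused, and what makes the stored nonce safe in this design is that every envelope also gets its own freshly generated key, so no key is ever reused at all. An RSA-2048 wrap is a fixed 256 bytes regardless of message size, which is the "slow on 32 bytes, fast on the rest" benefit the reply lists first.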