Isn't it all just obfuscation? Any root user can read your key, if not from disk then from memory. Any normal user can't read your key, nor from disk, nor from memory; and they can't read your db file either.
So if the adversary is someone with access to your disk image, disk encryption trumps db encryption (unless the disk encryption is vulnerable to known-plaintext attacks, but I guess they probably apply to sqlite too). If the adversary is another process on the same host, encrypting the db just adds obfuscation, which is security against lazy hackers. On Thu, Jun 8, 2017 at 9:04 PM Richard Hipp <d...@sqlite.org> wrote: > On 6/8/17, Wout Mertens <wout.mert...@gmail.com> wrote: > > Just musing: is an encrypted disk not more reliable? You have to store > the > > key somewhere… > > Maybe. I guess it depends on your threat model. > > Encrypting the whole disk is a system setting,. Anybody who has > access to the system can see everything on disk. You also have to > have administrator privileges to set it up. > > Encrypting a single database file is an application setting. Some > applications might want to hide there data from other applications on > the same system, or from the user of the system. Whole disk > encryption won't help there. And, database encryption requires no > special privileges. > > -- > D. Richard Hipp > d...@sqlite.org > _______________________________________________ > sqlite-users mailing list > sqlite-users@mailinglists.sqlite.org > http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users > _______________________________________________ sqlite-users mailing list sqlite-users@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
