Hi Roger,

> The problem isn't so much how you generate keys, but how you use them.
> Google shows over a million hits for 'pdf encryption crack'.

You're certainly right. But there is a difference between the PDF encryption 
and the SQLite encryption I implemented.

PDF encryption is designed in such a way that it's easily possible to decrypt a 
document if only access permissions are set but no password(s). For this 
purpose every PDF document contains two values (the U value and the O value) 
corresponding to the user password and the owner password, respectively. But if a 
password is set, it takes quite a while to crack it, although it's certainly not 
uncrackable.

My implementation for SQLite does not store such information in the database. 
So it should be a bit harder to crack the encryption. 

Nevertheless there is a weak point in my current implementation, namely the 
SQLite magic file header. Since this header has 16 bytes and has a (usually 
known) value, it could be used to reconstruct the encryption key. I don't think 
it's trivial to do it, but I didn't investigate how much effort it would be to 
crack the encryption key using this information. And probably I'll change my 
implementation in the next version to not give away such a clue.

But, hey, my implementation is free. If someone has really tight security 
constraints, he or she should buy and use a commercial solution.

Regards,

Ulrich

-- 
Ulrich Telle
E-Mail privat: mailto:[EMAIL PROTECTED]
E-Mail Studium: mailto:[EMAIL PROTECTED]
Homepage: http://www.stud.fernuni-hagen.de/q1471341
Fax: +49-(0)12120-203070

