On 28 Jul 2009, at 9:32pm, Ram G wrote: > I have modified (credit goes to System.Data.SQLite) SQlite library to > encrypt the database. File is encrypted and data insert/update/ > retrieval > works fine. > > The question I have is, how secure is the encrypted database.
You seem to have implemented encryption yourself. Or are you using the hwachi extension ? Or sqlite-crypt ? How secure is your own method of encryption ? Do you wipe cleartext memory after doing your own encryption and decryption ? > Please correct > me if I am wrong, SQLite reads the file and stores some of the data > pages in > memory. In the case of an encrypted database, the data cached in > memory > pages is encrypted or clear text? There has to be, at some stage, plaintext data in memory somewhere. Details of how it's handled should probably be either completely public, or as secret as practical. If you want to have the best encryption of your SQLite data you should contact DRH, who maintains custom package which does exactly that (the hwachi one I mentioned earlier). See <http://www.hwaci.com/sw/sqlite/prosupport.html#crypto> Simon. _______________________________________________ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
