-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Robert Simpson wrote: > The .NET provider uses RC4 encryption. The entire file is encrypted, > including the metadata.
You also neglected to mention that the encryption key has to be provided locally to decrypt/encrypt the database :-) Since the key is already on the computer, the bad guy can just go ahead and find that as an alternative to the other attacks mentioned. And if they do you wouldn't even know they had since it won't alter the data or leave any other finger print. I like to measure security strength by how much a reasonable bad guy would charge to break it. If they had local access to the machine then it would be a few hundred dollars. If not then a few hundred plus whatever it takes to gain local access (dependent on operating system, configuration, who can be bribed if necessary, exposure to networks etc). Roger -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkpva8oACgkQmOOfHg372QQiBQCfaxiha/VzKzRnDLXzaUAckhMP Uj4AnREN+Fu2K8MwA/j4Exx/dU60MrlX =hIh6 -----END PGP SIGNATURE----- _______________________________________________ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users