On 02/20/2011 01:10 AM, Robert Hairgrove wrote: > I saw that, but I find it a little intrusive, programmatically speaking, > from a licensing standpoint.
Why don't you ask DRH then since you won't be the first to want to include SEE with QT and a commercial app? > I am not starting from scratch doing my own encryption; there are enough > open source libraries publicly available which are good enough for my > purposes. Yes, there are many libraries, algorithms etc. Even if you were an expert in this stuff, there would still be a large possibility of incorrectly using or combining them. History is littered with examples. > Compression is not the same as encryption. 7zip supports encryption and they have done it right. For example they have used key strengthening. Compressing the data before encryption also helps since there are fewer patterns. > I do worry that some student might get hold of the file and try to hack it. The students will be able to get physical access so pretty much anything can be worked around. > ... hash ... user-supplied passphrase ... value known internally .... > final encryption key ... unique hash value ... As I said :-) Anyone can design a scheme they themselves cannot break. It requires far more skill and experience to come up with something that is actually strong. In your situation I would just use SEE working with DRH to ensure appropriate usage. If whole file encryption is okay then I would use 7zip and its encryption features with temporary files plus the backup API in order to copy the database between the 7zip archive and the regular filesystem. Using a 7zip archive also lets you keep older copies etc. You implementing or using any kind of encryption scheme also means you defeat good system management practises. For example if whoever sets the password is incapacitated then the data cannot be recovered. Good systems management practises will typically use encryption systems (eg a filesystem) that can be accessed both by the user and by appropriate administrators. > As to the gun, Bruce Schneier already pointed out that this is one of > the more expensive options in the attack tree. ;) $60k seems like a lot and he refers to a gang. My swag is that you could hire a local thug for a few thousand to wave a gun around, all depending on the possibility of being caught or observed. Safes are far more likely to be somewhere secure and discreet and to contain valuable items. Roger _______________________________________________ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users