Ulrich Telle wrote: > Am 31.08.2013 22:01, schrieb Etienne: >> I simply wanted to warn the OP that wxSQLite, while free, does NOT use >> salts: > > Well, that's not completely true. The encryption extension coming with > wxSQLite3 uses a different IV (initial vector) for each database page. > True is that the IVs are not random, but deduced from the page number. > However, I don't see much difference between generating an IV > algorithmic or using a random nonce which is stored at the end of each > database page
<http://en.wikipedia.org/wiki/Initialization_vector> says: | Randomization is crucial for encryption schemes to achieve semantic | security, a property whereby repeated usage of the scheme under the | same key does not allow an attacker to infer relationships between | segments of the encrypted message. Without a random IV/nonce, every page is guaranteed to encrypt to the same data if the contents and the key have not changed. Thus, wxSQLite3 gives an attacker the ability to determine whether any particular page has changed, by comparing the old and new versions. With SEE, rewriting a page will encrypt to a different value because the IV changes even for otherwise unchanged pages. > The weak point of probably all SQLite encryption methods is that the > unencrypted content of the first 16 bytes of a SQLite database file is > well known. Many file formats have fixed parts. However, this is not a problem with properly implemented encryption algorithms. Regards, Clemens _______________________________________________ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
