On 9 Jan 2011, at 5:29pm, Roger Binns wrote:

> I think you misunderstand how the SQLite encryption extension works.  The on
> disk storage format for SQLite is a series of fixed sized pages.  The
> extension transparently encrypts each page on writing to disk and decrypts
> on reading.  To use it you open/attach a database and then provide the
> password either via a C API or a pragma.  You just make regular SQLite API
> calls and everything just works.
> 
>  http://www.hwaci.com/sw/sqlite/see.html
> 
> The various other ones pointed out do something similar but since you go via
> their API layers they intersperse code to do encryption.  I found it very
> hard to work out what they did for encryption since things like the
> algorithm used, IV (the usual weakness for home grown implementations) etc
> do matter.  They also make other choices:

As far as I can work out, the two solutions he pointed to encrypt at the field 
level.  So if you understand the file structure of an SQLite database you can, 
for example, work out which records have the same values either within a
table or across tables.  It also gives you a handy-dandy plain/crypt pair
since you will know that certain fields definitely start with 'CREATE TABLE ' 
and such things.

On the other hand, these solutions are cheaper than the hwaci one.  As with 
most encryption it depends how much effort you think the enemy will devote to 
attacking your technique.

Simon.
_______________________________________________
sqlite-users mailing list
sqlite-users@sqlite.org
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
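
The equality leak described in the reply above, as an added example that is not part of the original thread and is not code from any of the products discussed. It assumes a field-level scheme that encrypts deterministically (no per-field nonce), which the thread does not confirm for any specific product; the HMAC-based keystream is a standard-library stand-in for a real cipher, and the key, table and rows are constructed.

```python
import hashlib
import hmac
import os
import sqlite3
from collections import defaultdict

KEY = b"constructed-demo-key"  # constructed sample key, not from the thread

def _keystream(nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode: a stdlib stand-in for a real cipher.
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(KEY, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]

def encrypt_field(value: str, nonce: bytes = b"") -> bytes:
    # Empty nonce means deterministic: equal plaintexts give equal bytes.
    data = value.encode()
    return nonce + bytes(a ^ b for a, b in zip(data, _keystream(nonce, len(data))))

def decrypt_field(blob: bytes, nonce_len: int = 0) -> str:
    nonce, body = blob[:nonce_len], blob[nonce_len:]
    return bytes(a ^ b for a, b in zip(body, _keystream(nonce, len(body)))).decode()

def repeated_ciphertexts(fresh_nonce: bool) -> list:
    """Rowid groups whose dept ciphertext is byte-identical, found without KEY."""
    def enc(v: str) -> bytes:
        return encrypt_field(v, os.urandom(16) if fresh_nonce else b"")

    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE staff (name BLOB, dept BLOB)")
    # Constructed sample rows.
    rows = [("alice", "payroll"), ("bob", "payroll"),
            ("carol", "legal"), ("dave", "payroll")]
    for name, dept in rows:
        db.execute("INSERT INTO staff VALUES (?, ?)", (enc(name), enc(dept)))

    # Anyone who can read the file can do this grouping; no key is involved.
    groups = defaultdict(list)
    for rowid, dept in db.execute("SELECT rowid, dept FROM staff ORDER BY rowid"):
        groups[dept].append(rowid)
    return [ids for ids in groups.values() if len(ids) > 1]

if __name__ == "__main__":
    print("deterministic field encryption:", repeated_ciphertexts(False))
    print("fresh nonce per field:         ", repeated_ciphertexts(True))
```

A fresh nonce per field hides equality between fields but still leaves row counts, column layout and field lengths readable, which page-level encryption of the whole file also covers.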
