Just to add my $0.02

We use http://www.safenet-inc.com/ HASP HL Encryption. (We use HASP keys
for end user products so it was 'free' to my internal product tracking
system db.) This key allows the exe to get encrypted and optionally a data
file as well.

The encryption of the program provides us with some security against a
password being saved within the exe in clear form. When it comes to data
encryption though, the performance penalty we suffer is 2x to 4x. Also,
HASP HL data encryption + SQLite + Windows 7 64-bit editions don't work
reliably. The HASP envelope does prevent an executable from running with a
debugger open. It may be that newer versions of compiler or key will work,
but I can't say that they will (nor does SafeNet's technical "support"
actually provide answers). Bitter experience so far says "Don't use HASP
for data encryption."

Adam




On Sun, Jan 9, 2011 at 5:40 PM, Simon Slavin <slav...@bigfraud.org> wrote:

>
> On 9 Jan 2011, at 5:29pm, Roger Binns wrote:
>
> > I think you misunderstand how the SQLite encryption extension works.  The
> > on disk storage format for SQLite is a series of fixed sized pages.  The
> > extension transparently encrypts each page on writing to disk and decrypts
> > on reading.  To use it you open/attach a database and then provide the
> > password either via a C API or a pragma.  You just make regular SQLite API
> > calls and everything just works.
> >
> >  http://www.hwaci.com/sw/sqlite/see.html
> >
> > The various other ones pointed out do something similar but since you go via
> > their API layers they intersperse code to do encryption.  I found it very
> > hard to work out what they did for encryption since things like the
> > algorithm used, IV (the usual weakness for home grown implementations) etc
> > do matter.  They also make other choices:
>
> As far as I can work out, the two solutions he pointed to encrypt at the
> field level.  So if you understand the file structure of an SQLite database
> you can, for example, work out which records have the same values, either
> within a table or across tables.  It also gives you a handy-dandy
> plain/crypt pair since you will know that certain fields definitely start
> with 'CREATE TABLE ' and such things.
>
> On the other hand, these solutions are cheaper than the hwaci one.  As with
> most encryption it depends how much effort you think the enemy will devote
> to attacking your technique.
>
> Simon.
> _______________________________________________
> sqlite-users mailing list
> sqlite-users@sqlite.org
> http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
>



-- 
VerifEye Technologies Inc.
905-948-0015x245
151 Whitehall Dr, Unit 2
Markham ON, L3R 9T1
Canada
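
The field-level concern raised in the quoted reply can be checked on your own schema. The following is an added example, not part of the original thread and not code from any product named in it: it stores constructed rows with a toy HMAC-based field cipher (a stand-in, assumed for illustration) and shows that a plain `GROUP BY` over the ciphertext column reveals which rows share a value when encryption is deterministic, and that a random per-field nonce (an assumed mitigation) removes that signal.

```python
import hashlib
import hmac
import os
import sqlite3

KEY = b"constructed-demo-key"  # constructed sample key, not a real secret


def _keystream(key, nonce, length):
    """Toy stream: HMAC-SHA256 in counter mode (stand-in, not a vetted cipher)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_field(key, plaintext, random_nonce):
    """Encrypt one column value; a fixed nonce makes the result deterministic."""
    data = plaintext.encode()
    nonce = os.urandom(16) if random_nonce else b"\x00" * 16
    stream = _keystream(key, nonce, len(data))
    return nonce + bytes(a ^ b for a, b in zip(data, stream))


def equality_groups(random_nonce):
    """Store constructed rows, then count duplicate ciphertexts without the key."""
    rows = ["Toronto", "Markham", "Toronto", "Ottawa", "Toronto", "Markham"]
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customer (id INTEGER PRIMARY KEY, city BLOB)")
    db.executemany(
        "INSERT INTO customer (city) VALUES (?)",
        [(encrypt_field(KEY, r, random_nonce),) for r in rows],
    )
    # The table layout stays readable with field-level encryption,
    # so this query needs no key at all.
    counts = db.execute(
        "SELECT COUNT(*) FROM customer GROUP BY city ORDER BY COUNT(*) DESC"
    ).fetchall()
    db.close()
    return [c for (c,) in counts]


if __name__ == "__main__":
    print("deterministic field encryption:", equality_groups(False))
    print("random nonce per field:        ", equality_groups(True))
```

With deterministic encryption the group sizes match the plaintext distribution exactly; with a per-field nonce every ciphertext is unique, at the cost of no longer being able to index or compare the encrypted column.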