So, to summarize, the current opinion is that there is no use in adding support for the XTS mode of operation for ciphers in DbCrypt plugins, even though such a mode is a slightly better fit with better security guarantees?
I started the discussion because of this presentation: https://www.firebirdsql.org/file/community/conference-2016/encrypting-firebird-databases.pdf with the following quote:

> Known issue:
> – Encrypted size == initial size
> – Use of ECB mode in AES
> – Visible repeating sequences on some pages

and because there was no mention of XTS mode in the possible solutions:

> Possible solutions:
> – Use other cipher (RC4)
> – Reserve space on pages for IV at database creation time

As I understand it the whole point of supporting encryption plugins is to provide additional protection when the database file is accessed with read or read/write access but not RAM access. I thought that this was clear and that is why I didn't specify it explicitly when exchanging mails with Dimitry.

Regards,
Hristo Stefanov

Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
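
The following is an added illustration, not part of the original message and not Firebird or DbCrypt plugin code: a minimal XTS-AES over whole 16-byte blocks, set beside ECB, showing that a tweak derived from the page number keeps the encrypted size equal to the initial size while removing the repeating sequences. The function names, the constructed keys, the 4096-byte page size and the use of the page number as the tweak are assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// xtsTweak derives the per-page tweak T = E_k2(page number); nothing is stored on the page.
func xtsTweak(k2 cipher.Block, pageNo uint64) (t [16]byte) {
	binary.LittleEndian.PutUint64(t[:], pageNo)
	k2.Encrypt(t[:], t[:])
	return t
}
// encryptPage computes C = E_k1(P^T)^T per block, then T = T*x in GF(2^128); T = 0 is plain ECB.
func encryptPage(k1 cipher.Block, t [16]byte, page []byte) []byte {
	out := make([]byte, len(page)) // whole blocks only, no ciphertext stealing
	for i := 0; i < len(page); i += 16 {
		for j := range t {
			out[i+j] = page[i+j] ^ t[j]
		}
		k1.Encrypt(out[i:i+16], out[i:i+16])
		var carry byte
		for j := range t {
			out[i+j] ^= t[j]
			t[j], carry = t[j]<<1|carry, t[j]>>7
		}
		t[0] ^= 0x87 * carry
	}
	return out
}
// repeats counts 16-byte blocks in buf that duplicate an earlier block.
func repeats(buf []byte) int {
	seen := map[string]bool{}
	for i := 0; i < len(buf); i += 16 {
		seen[string(buf[i:i+16])] = true
	}
	return len(buf)/16 - len(seen)
}
// demo encrypts two identical zero-filled pages (constructed input, keys and page size).
func demo() (ecb, xts, size int) {
	k1, _ := aes.NewCipher([]byte("constructed-key1"))
	k2, _ := aes.NewCipher([]byte("constructed-key2"))
	page, zero := make([]byte, 4096), [16]byte{}
	e := append(encryptPage(k1, zero, page), encryptPage(k1, zero, page)...)
	x := append(encryptPage(k1, xtsTweak(k2, 1), page), encryptPage(k1, xtsTweak(k2, 2), page)...)
	return repeats(e), repeats(x), len(x) / 2
}
func main() { fmt.Println(demo()) }
```

XTS stays deterministic for a given key, page number and block position, so someone who can compare two copies of the file taken at different times can still see which 16-byte blocks of a page changed.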