So to summarize, the current opinion is that there is no use in adding
support for XTS mode of operation for ciphers in DbCrypt plugins, even
though such a mode is a slightly better fit with better security
guarantees?

I started the discussion because of this presentation:
https://www.firebirdsql.org/file/community/conference-2016/encrypting-firebird-databases.pdf

with the following quote:

> Known issue:
> – Encrypted size == initial size
> – Use of ECB mode in AES
> – Visible repeating sequences on some pages

and because there was no mention of XTS mode in the possible solutions:

> Possible solutions:
> – Use other cipher (RC4)
> – Reserve space on pages for IV at database creation time

As I understand it, the whole point of supporting encryption plugins is
to provide additional protection when the database file is accessed
with read or read/write access but not RAM access. I thought that this
was clear and that is why I didn't specify it explicitly when
exchanging mails with Dimitry.

Regards,
Hristo Stefanov

Firebird-Devel mailing list, web interface at 
https://lists.sourceforge.net/lists/listinfo/firebird-devel
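
The trade-off raised in the message above, as an added Go example that is not part of the original mail or of Firebird's code: with a nil tweak key `encryptPage` is plain AES-ECB, with a tweak key it is XTS-AES, and both keep the encrypted size equal to the initial size while only ECB repeats ciphertext blocks. The function names, the 4096-byte page, the use of the page number as tweak and the keys are assumptions constructed for the demonstration.

```go
package main

import (
	"crypto/aes"
	"encoding/binary"
	"fmt"
)

// encryptPage encrypts one page whose length is a multiple of 16. With a nil
// k2 the tweak stays zero, so each block is plain AES (ECB). With k2 set it is
// XTS-AES with the page number as tweak (no ciphertext stealing needed).
func encryptPage(k1, k2, page []byte, pageNo uint64) []byte {
	data, _ := aes.NewCipher(k1) // errors ignored: demo keys are 16 bytes
	var t [16]byte
	if k2 != nil {
		tweak, _ := aes.NewCipher(k2)
		binary.LittleEndian.PutUint64(t[:8], pageNo)
		tweak.Encrypt(t[:], t[:])
	}
	out := make([]byte, len(page))
	for i := 0; i < len(page); i += 16 {
		for j := range t {
			out[i+j] = page[i+j] ^ t[j]
		}
		data.Encrypt(out[i:i+16], out[i:i+16])
		carry := byte(0)
		for j := range t {
			out[i+j] ^= t[j]
			t[j], carry = t[j]<<1|carry, t[j]>>7 // tweak *= x in GF(2^128)
		}
		t[0] ^= 0x87 * carry // reduce by x^128 + x^7 + x^2 + x + 1
	}
	return out
}

// repeatedBlocks counts 16-byte ciphertext blocks that equal an earlier block.
func repeatedBlocks(ct []byte) int {
	seen := map[string]bool{}
	for i := 0; i < len(ct); i += 16 {
		seen[string(ct[i:i+16])] = true
	}
	return len(ct)/16 - len(seen)
}

func main() {
	key := []byte("0123456789abcdefFEDCBA9876543210") // constructed demo keys
	page := make([]byte, 4096)                        // constructed zero-filled page
	ecb, xts := encryptPage(key[:16], nil, page, 7), encryptPage(key[:16], key[16:], page, 7)
	fmt.Println(len(ecb), len(xts), repeatedBlocks(ecb), repeatedBlocks(xts))
}
```

XTS provides confidentiality only: identical plaintext written to the same page position still yields identical ciphertext, and modified ciphertext is not detected.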
