[sqlite] Re: [inbox] Re: [sqlite] Data encryption

[Michael Hunley]

At 11:36 AM 1/31/2004 -0600, Kurt Welgehausen wrote:
You'll have to encrypt each column independently.  If you use
the same key and initialization vector, you should be able to
search, but of course, only for exact matches.  Also, the size
of each field will probably grow to the next multiple of your
cipher's block size, so you'll need to pad the data before you
encrypt; and you'll have to remove nulls from the encrypted
data.  I think the sequence would have to be
If you use an encryption method that makes this true, it is less 
secure.  Random salt is generally required to maintain security, but it is 
the usual risk versus ease of use balance.

the other response, using a SHA (or similar) hash for the search index and 
a secure encryption scheme on the actual data, is much better and works 
well in practice.  That still restricts you to exact match (no using "LIKE" 
and similar).

HTH.
michael 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [sqlite] Data encryption

[Kurt Welgehausen]

You'll have to encrypt each column independently.  If you use
the same key and initialization vector, you should be able to
search, but of course, only for exact matches.  Also, the size
of each field will probably grow to the next multiple of your
cipher's block size, so you'll need to pad the data before you
encrypt; and you'll have to remove nulls from the encrypted
data.  I think the sequence would have to be

  Pad each field 
  Encrypt each field
  Encode the nulls in each field
  Store the record
  --
  Fetch the record
  Restore the nulls in each field
  Decrypt each field
  Remove the padding from each field

Regards


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]