On Friday, August 21, 2015, Scott Morgan bl...@blueyonder.co.uk wrote:
Q1 : 4, I don't expect NSA defeating crypto[0], but enough to keep
casual eyes away from expensive data.
Q2 : 5, It's a must. Whether the key is somehow held internal to the
.FDB file (with it's own pswd, no system wide
On 20-8-2015 13:49, James Starkey wrote:
SHA1 produces a 160 bit hash or 2^160 possible values. To search the
hash space, on average you have to try half of these, or 2^159 probles.
A decimal digit requires about three and a half bits, so round that up
to four. So expressing the number of
One of the tenants of moderm cryptology is that algorithms and mechanisms
have to be published for analysis and review. The basic idea is that
security is based on a mathematical impossibility that a cryptosystem cabe
be broken within the time remaining in the universe. The once dominant
idea
James Starkey wrote:
Once it was belived that nobody could get fired for going IBM
(SNA anyone? Anyone?).
I worked with SNA / SDLC for some years. I don't remember
anyone getting fired for choosing it.
--
Geoff Worboys
Telesis Computing Pty Ltd
I have a strong preference for portable, transparent solutions.
That I can understand and would always be the best solution, but not always
possible.
There is also the small point that it has been broken (see Wikipedia).
As I read it, it was mostly before Windows XP. Since Windows Server
On Saturday, August 22, 2015, Brian Vraamark brian.vraam...@plandent.dk
wrote:
On windows you can use DPAPI. I don't know if Linux (and other systems)
has something similar (maybe Gnome-Keyring?).
I have a strong preference for portable, transparent solutions. In theory,
Microsoft has the
Problem: How to start server on encrypted database files with a human to
supply a password.
Idea: Assume SRP is being used for authentication and that all (or most or
some) are using long, randomly generated passwords from a client-side vault (or
equivalent). This means that it is safe to
On windows you can use DPAPI. I don't know if Linux (and other systems) has
something similar (maybe Gnome-Keyring?).
On the server you need to create an account used exclusively by the Firebird
Service. Firebird can then use CryptProtectData() and CryptUnprotectData() to
encrypt the database
