> On Jun 8, 2017, at 3:13 PM, Wout Mertens <wout.mert...@gmail.com> wrote:
> 
> Isn't it all just obfuscation? Any root user can read your key, if not from
> disk then from memory.

Keys on disk are [or should be!] generally stored by special OS subsystems 
(like the Keychain on Apple platforms) that use encrypted storage, the keys to 
which are in turn managed by a secure enclave in the CPU and/or derived from 
user login passphrase.

I believe (but don’t know the details) that on macOS it’s pretty difficult for 
a process to get access to another process’ address space, even one running as 
the same user. If this capability is covered by System Integrity Protection, 
then it would require more than just(!) root access, involving at least a 
reboot into system recovery mode to turn off SIP; i.e. needing physical access 
to the machine.

On iOS, processes are completely sandboxed from each other, most of the types 
of exploits used to get root are unavailable, and getting any access to a 
locked or powered-down device is close to impossible, as the FBI found out in 
the San Bernardino case last year.

In any case, regardless of the technical benefits, there can be legal 
requirements for app-level encryption, for example apps storing health data 
which in the US fall under HIPAA. (It’s actually a bit vague about whether 
encryption is strictly required, but this tends to be interpreted as “if it’s 
feasible, encrypt it”: https://www.sookasa.com/resources/HIPAA-encryption/ )

—Jens
_______________________________________________
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users