Jay A. Kreibich wrote:
> All you really need to do is splice your code between the VFS that
> the SQLite engine sees and the native VFS layer that comes with the
> distribution, adding a bit of extra code to xRead() and xWrite() to
> munge the data.

It is certainly possible to do it this way. It is however a really bad idea to write your own encryption scheme. Anyone can come up with a design for the capabilities they cannot break themselves, but that does not mean that others cannot break it. (Note that I am not talking about the encryption algorithms themselves - I assume no one would be silly enough to try and come up with new ones of those - but rather how one or more encryption algorithms are combined to act on the data.)

History is littered with experts (no less) who designed schemes that later turned out to be no good. Some examples are SSL version 1, SSL version 2 and WEP.

There really are a lot of things to consider. For example if the scheme doesn't account for timing attacks (ensuring all routines take a constant amount of time no matter if or how much of the key is correct or incorrect) then it becomes rather easy to crack the correct key.

Consequently it would be foolish to not use the SEE extension, and pay the small fee for it. You can then work on an improved scheme but need to ensure it is reviewed by multiple security experts and verify the implementation is solid, and at the very least better than SEE. This of course will set you back way more than SEE costs.

Roger

_______________________________________________
sqlite-users mailing list
sqlite-users@sqlite.org
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
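
The timing point in the message above, as an added example (not part of the original message and not SQLite or SEE code): an early-exit comparison does work proportional to how much of a secret is correct, while a constant-time comparison does the same work for every input. All names and byte values here are hypothetical and constructed, and the step counter stands in for elapsed time.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample values, not taken from any real system. */
const unsigned char SECRET[8]  = {0x53,0x51,0x4c,0x69,0x74,0x65,0x21,0x00};
const unsigned char GUESS_0[8] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
const unsigned char GUESS_3[8] = {0x53,0x51,0x4c,0x00,0x00,0x00,0x00,0x00};

/* Early-exit compare (memcmp-style). *steps counts the bytes examined,
 * standing in for run time: it grows with the length of the correct prefix. */
int leaky_equal(const unsigned char *a, const unsigned char *b, size_t n,
                size_t *steps)
{
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        if (a[i] != b[i])
            return 0;
    }
    return 1;
}

/* Constant-time compare: always reads all n bytes, no data-dependent branch. */
int ct_equal(const unsigned char *a, const unsigned char *b, size_t n,
             size_t *steps)
{
    unsigned int diff = 0;
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        diff |= (unsigned int)(a[i] ^ b[i]);
    }
    return (int)(((diff - 1u) >> 8) & 1u);  /* 1 only when diff == 0 */
}

/* Work done by each routine for a given guess against SECRET. */
size_t leaky_steps(const unsigned char *g) { size_t s; leaky_equal(SECRET, g, 8, &s); return s; }
size_t ct_steps(const unsigned char *g)    { size_t s; ct_equal(SECRET, g, 8, &s);    return s; }

int main(void)
{
    const unsigned char *guesses[] = {GUESS_0, GUESS_3, SECRET};
    for (int i = 0; i < 3; i++)
        printf("guess %d: leaky=%zu steps, constant-time=%zu steps\n",
               i, leaky_steps(guesses[i]), ct_steps(guesses[i]));
    return 0;
}
```

In a real implementation the compiler can reintroduce data-dependent branches, so a vetted library routine for constant-time comparison is preferable to hand-written code.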