On 09/06/2010 12:21 PM, Arthur Avramiea wrote:
> The pass doesn't have to be in plain text in the software ... I
> can store it as sha1 or other kind of hash. Wouldn't that solve most of it?
> Or some implementation of SSL.

You are confusing encryption algorithms with the keys. The decryption runs on the client and is using a key. A cracker can intercept that key. You can try and obfuscate things as much as you want, but it is still fairly trivial for a determined cracker to get it, assuming that is even the cheapest way of doing things.

> The software will be run only by the course instructor so it will not have a
> big chance to get in the wrong hands. I want less exposure so that is why I
> want to avoid a web interface for it.

Another simple approach for a cracker is to bribe an instructor to hand over credentials and database content. Or install a USB keyboard sniffer they won't notice.

If you have a web interface then the decryption and keys are all server side, so at least they remain private. That won't stop screen shots or similar approaches but at least you won't be handing over all the content at once.

Anyone can design a security scheme they cannot crack themselves. That doesn't mean it can't be cracked or that it is even any good. Heck, even so-called experts have made mistakes - for example see SSLv1 and WEP.

Roger
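Added example, not part of the original message: a Python sketch contrasting the two designs discussed in the thread, a client that ships with a stored SHA-1 of the password versus a server that keeps the key and serves one item per authenticated request. The lesson data, password, `xor_stream` stand-in cipher, `design_a_exposure` and the `Server` class are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher for this demo only (HMAC-SHA256 counter keystream)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, nonce + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

# Constructed sample content and password (assumptions, not from the thread).
LESSONS = {1: b"Lesson 1: intro", 2: b"Lesson 2: joins", 3: b"Lesson 3: indexes"}
PASSWORD = b"instructor-secret"
ALL_CONTENT = b"\n".join(LESSONS.values())

# Design A: the desktop client ships with sha1(password) and the encrypted file.
EMBEDDED_HASH = hashlib.sha1(PASSWORD).digest()
ENCRYPTED_FILE = xor_stream(EMBEDDED_HASH, b"file", ALL_CONTENT)

def design_a_exposure(client_hash: bytes, client_file: bytes) -> bytes:
    """What one copy of the client yields. The embedded hash is the key, so
    the password is never needed and all content comes out at once."""
    return xor_stream(client_hash, b"file", client_file)

class Server:
    """Design B: key and data stay server side; one lesson per checked request."""

    def __init__(self):
        self._key = os.urandom(32)   # never leaves the server
        self._salt = os.urandom(16)
        self._pw = hashlib.pbkdf2_hmac("sha256", PASSWORD, self._salt, 100_000)
        self._store = {i: xor_stream(self._key, bytes([i]), t)
                       for i, t in LESSONS.items()}
        self.audit = []              # each access is logged for the operator

    def fetch(self, password: bytes, lesson_id: int):
        guess = hashlib.pbkdf2_hmac("sha256", password, self._salt, 100_000)
        ok = hmac.compare_digest(guess, self._pw)
        self.audit.append((lesson_id, ok))
        if not ok:
            return None
        return xor_stream(self._key, bytes([lesson_id]), self._store[lesson_id])
```

In design A the stored hash is simply a different spelling of the key; in design B a stolen credential still works, but each access is a separate, logged request rather than a single copy of everything.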

