On 20 Feb 2011, at 09:10, Robert Hairgrove wrote:
> I am not starting from scratch doing my own encryption; there are enough
> open source libraries publicly available which are good enough for my
> purposes.

And all of them offer approximately no security if you use them incorrectly.

For this task I would use AES-256 in counter mode with an appropriate nonce (the counter is trivially derived from the file offset of the block to be read/written). The key should be derived from the user's password using 10000-iteration PBKDF2 with the SHA-256 hash algorithm as the pluggable hash function and a suitably long salt.

If you are only doing sequential block writes you can use CBC mode rather than counter mode - either can be used for random reads.

Best Regards,
Phil Willoughby
--
Managing Director, StrawberryCat Limited

StrawberryCat Limited is registered in England and Wales with Company No. 7234809.
The registered office address of StrawberryCat Limited is:
107 Morgan Le Fay Drive
Eastleigh
SO53 4JH
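The scheme described in the message above, sketched as an added example (not code from the message or from any library it refers to): PBKDF2-HMAC-SHA256 key derivation and a counter block computed from the file offset, so any byte range can be decrypted without reading what precedes it. The 8-byte nonce plus 8-byte block number layout and all function names are assumptions, and `standin_block_fn` is a stand-in PRF used only so the example runs with the standard library; a real implementation passes AES-256 single-block encryption from a vetted library.

```python
import hashlib
import hmac

BLOCK = 16  # AES block size in bytes

def derive_key(password: str, salt: bytes) -> bytes:
    # PBKDF2 with HMAC-SHA256, 10000 iterations, 32 bytes out for an AES-256 key.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 10000, dklen=32)

def counter_block(nonce: bytes, block_index: int) -> bytes:
    # Assumed layout: 8-byte per-file nonce || 8-byte big-endian block number.
    if len(nonce) != 8:
        raise ValueError("nonce must be 8 bytes")
    return nonce + block_index.to_bytes(8, "big")

def standin_block_fn(key: bytes, block: bytes) -> bytes:
    # Stand-in PRF (truncated HMAC-SHA256), NOT AES. Swap in AES-256
    # single-block encryption from a vetted library for real use.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def ctr_xor_at(key, nonce, offset, data, block_fn=standin_block_fn):
    """Encrypt or decrypt `data` that lives at byte `offset` in the file."""
    first, skip = divmod(offset, BLOCK)           # first block number, bytes to skip in it
    nblocks = (skip + len(data) + BLOCK - 1) // BLOCK
    stream = b"".join(block_fn(key, counter_block(nonce, first + i))
                      for i in range(nblocks))
    return bytes(a ^ b for a, b in zip(data, stream[skip:]))

def demo():
    # Constructed, fixed values so the result is repeatable; a real file
    # gets a random salt and a random nonce, stored alongside the data.
    salt, nonce = bytes(range(16)), bytes(8)
    key = derive_key("correct horse", salt)
    plain = bytes(range(256)) * 4                 # constructed 1024-byte "file"
    cipher = ctr_xor_at(key, nonce, 0, plain)
    # Random read: decrypt 40 bytes starting at unaligned offset 500.
    part = ctr_xor_at(key, nonce, 500, cipher[500:540])
    return key, nonce, plain, cipher, part

if __name__ == "__main__":
    _, _, plain, _, part = demo()
    print("random read ok:", part == plain[500:540])
```

Because the counter depends only on the offset, overwriting a block in place under the same key and nonce reuses the same keystream, so the XOR of the old and new ciphertext equals the XOR of the two plaintexts. Counter mode on its own also gives no integrity check on the stored data.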