On 20 Feb 2011, at 10:52, Robert Hairgrove wrote:

> On Sun, 2011-02-20 at 09:35 +0000, Philip Graham Willoughby wrote:
>> For this task I would use AES-256 in counter mode with an appropriate nonce 
>> (the counter is trivially derived from the file offset of the block to be 
>> read/written). The key should be derived from the user's password using 
>> 10000-iteration PBKDF2 with the SHA-256 hash algorithm as the pluggable hash 
>> function and a suitably long salt.
>> 
>> If you are only doing sequential block writes you can use CBC mode rather 
>> than counter mode - either can be used for random reads.
> 
> Thanks, Phil. This is very helpful to me. AES-256 is an accepted
> standard, and AFAICT offers the best openly available encryption today.

It's still less secure than CBC-mode ROT-13 if you use it incorrectly, and if 
you do not understand why that is you are very likely to do just that.

Best Regards,

Phil Willoughby
-- 
Managing Director, StrawberryCat Limited

StrawberryCat Limited is registered in England and Wales with Company No. 
7234809.

The registered office address of StrawberryCat Limited is:

107 Morgan Le Fay Drive
Eastleigh
SO53 4JH

_______________________________________________
sqlite-users mailing list
[email protected]
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
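
Added example, not part of the original message and not SQLite code: a sketch of the scheme described in the quoted text (PBKDF2 with SHA-256 and 10000 iterations, counter derived from the file offset) and of one well-known way counter mode fails when used incorrectly, namely rewriting the same offset under the same key and nonce. Assumptions: Python's standard library has no AES, so HMAC-SHA-256 truncated to 16 bytes stands in for the AES-256 block function; all function names, the salt, the nonce and the sample records are constructed for illustration.

```python
import hashlib
import hmac

BLOCK = 16          # AES block size in bytes
ITERATIONS = 10000  # PBKDF2 iteration count named in the thread

def derive_key(password: bytes, salt: bytes) -> bytes:
    """PBKDF2 with HMAC-SHA-256, 32-byte output (the AES-256 key length)."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, ITERATIONS, dklen=32)

def keystream_block(key: bytes, nonce: bytes, counter: int) -> bytes:
    # Assumption: stand-in for AES-256. Real code computes AES(key, nonce || counter).
    msg = nonce + counter.to_bytes(8, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[:BLOCK]

def ctr_xor(key: bytes, nonce: bytes, offset: int, data: bytes) -> bytes:
    """Encrypt or decrypt data at byte `offset`; counter = offset // BLOCK."""
    out = bytearray()
    counter, ks = -1, b""
    for pos, byte in enumerate(data, start=offset):
        if pos // BLOCK != counter:          # entered a new block
            counter = pos // BLOCK
            ks = keystream_block(key, nonce, counter)
        out.append(byte ^ ks[pos % BLOCK])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def overwrite_leak(key, nonce, offset, old, new):
    """Two writes at one offset with the same key and nonce share a keystream,
    so their ciphertexts XOR to old XOR new without any knowledge of the key."""
    return xor(ctr_xor(key, nonce, offset, old), ctr_xor(key, nonce, offset, new))

if __name__ == "__main__":
    salt = bytes(range(16))            # constructed; use a random salt stored with the file
    nonce = b"\x00" * 7 + b"\x01"      # constructed 8-byte nonce
    key = derive_key(b"example password", salt)
    plain = bytes(range(100))          # constructed file contents
    cipher = ctr_xor(key, nonce, 0, plain)
    print("random read ok:", ctr_xor(key, nonce, 37, cipher[37:61]) == plain[37:61])
    old, new = b"balance=0000100;", b"balance=9999999;"   # constructed records
    print("overwrite leaks XOR:", overwrite_leak(key, nonce, 64, old, new) == xor(old, new))
```

Rewriting a block therefore needs a fresh nonce (or key) for that write, stored where the reader can find it.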
