On 01.09.2013 17:50, Clemens Ladisch wrote:
Without a random IV/nonce, every page is guaranteed to encrypt to the
same data if the contents and the key have not changed.  Thus, wxSQLite3
gives an attacker the ability to determine whether any particular page
has changed, by comparing the old and new versions.  With SEE, rewriting
a page will encrypt to a different value because the IV changes even for
otherwise unchanged pages.

If SEE rewrites unchanged pages then this is certainly true. For applications with high security requirements SEE is certainly preferable over wxSQLite3 (or other free SQLite encryption extensions like that in System.Data.SQLite, http://system.data.sqlite.org).

Many file formats have fixed parts.  However, this is not a problem with
properly implemented encryption algorithms.

Knowing the plain text corresponding to a certain encrypted part (especially at the beginning of the file) certainly does pose a problem. At least for AES-128 there are certainly chances to break the key based on the knowledge of the plain text of the SQLite database header.

Regards,

Ulrich
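
Added example, not part of the original message and not wxSQLite3 or SEE code: it shows what an observer holding two ciphertext snapshots of a page-encrypted file can learn when the IV depends only on the page number, compared with a fresh random IV on every page write. The cipher is a stdlib-only HMAC-SHA256 counter-mode stand-in for AES; the page size, IV layout, function names and sample pages are assumptions made for the demonstration.

```python
import hashlib
import hmac
import os

PAGE_SIZE = 1024  # assumed page size for this demo


def _keystream(key: bytes, iv: bytes, n: int) -> bytes:
    # Stand-in stream cipher: HMAC-SHA256 in counter mode (not AES, demo only).
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, iv + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def encrypt_page(key: bytes, page_no: int, plaintext: bytes, random_iv: bool) -> bytes:
    # Fixed scheme: the IV is derived only from the page number.
    # Random scheme: a fresh 16-byte IV is stored in front of the ciphertext.
    iv = os.urandom(16) if random_iv else page_no.to_bytes(16, "big")
    ks = _keystream(key, iv, len(plaintext))
    body = bytes(a ^ b for a, b in zip(plaintext, ks))
    return iv + body if random_iv else body


def write_db(key: bytes, pages: list, random_iv: bool) -> list:
    # Models a full rewrite: every page is encrypted again on each write.
    return [encrypt_page(key, i + 1, p, random_iv) for i, p in enumerate(pages)]


def changed_pages(old: list, new: list) -> list:
    # What can be computed from two ciphertext snapshots without the key.
    return [i + 1 for i, (a, b) in enumerate(zip(old, new)) if a != b]


def demo():
    key = os.urandom(16)
    # Constructed sample data: 4 pages, only page 3 differs between snapshots.
    v1 = [bytes([i]) * PAGE_SIZE for i in range(4)]
    v2 = list(v1)
    v2[2] = b"\xff" * PAGE_SIZE
    fixed = changed_pages(write_db(key, v1, False), write_db(key, v2, False))
    rand = changed_pages(write_db(key, v1, True), write_db(key, v2, True))
    return fixed, rand


if __name__ == "__main__":
    print(demo())
```

With the page-number IV the comparison singles out page 3; with a random IV per write every rewritten page differs, so the comparison no longer separates modified content from unmodified content.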

