Subject Re: [Firebird-Architect] database encryption
Author Sijun Kang
I think the assumption that "most people wanting encrypted or
password-protected databases want that because they want to distribute
their database to others but do not want them to see the data from outside
their applications" is debatable. For one thing, nowadays, a lot of laptop
users store their PI in applications which in turn store data in a database.

Unfortunately, I'm one of them. From time to time, I wonder if the database
can be stored encrypted when I close that application, so that I can
have peace of mind and not worry that my data gets into somebody's hands
when I lose my laptop. A few minutes ago, Dimitry kindly pointed out that
EFS is what I want. But as I replied, EFS exposes my data to all programs,
which makes it less desirable.

In short, a database with encryption seems to have its niche in this world.
Regards,

Sijun Kang
On Wed, Nov 3, 2010 at 7:22 PM, Geoff Worboys <geoff@...> wrote:

>
>
> Adriano dos Santos Fernandes wrote:
> > And most people wanting encrypted or password-protected
> > databases want that because they want to distribute their
> > database to others but do not want them to see the data
> > from outside their applications.
>
> Thanks Adriano, that was the item missing off Jim's list. Add
> encryption and this is the use it will be put to most of the
> time - close to useless but it makes people feel better.
>
> It's got to be tempting to implement useless encryption just
> to be able to close the relevant items on tracker, but then
> you're forced to deal with all the fixes and enhancements that
> will inevitably follow. People will eventually want to deal
> with:
> . problems with paging and hibernation
> . plausible deniability
> . key files
> . security tokens and smart-cards etc
> . multiple encryption algorithms
> . cascading encryption
> . hardware acceleration (AES in the CPU)
>
> which is really frustrating when you realise that I have just
> listed some features of Truecrypt v7: http://www.truecrypt.org/
> freely available right now and makes it easy to create
> encrypted volumes that can host databases, email and anything
> else. And it's not the only option, someone here already
> mentioned EFS, which has to be tempting for those using recent
> Windows versions.
>
> The general thinking always seems to be that implementing
> encryption is easy - and these days it is! What's much harder
> is making a secure system, key management and other issues.
> If there weren't already many other very good options I'd be
> all for Firebird doing the best it could, but as it stands
> there is little that Firebird could do but make it easier for
> developers to add to the available snake-oil:
> http://www.schneier.com/crypto-gram-9902.html#snakeoil
>
> --
> Geoff Worboys
> Telesis Computing