Subject | Re: [Firebird-Architect] Re: database encryption |
---|---|
Author | Geoff Worboys |
Post date | 2010-11-06T01:20:45Z |
Geoff Worboys wrote:
> It's good for the soul, character building, to not post
> certain responses that come into your head ... no matter
> how tempting.

Okay, sorry. Rather than thinking of smart quips I should at
least provide some more useful pointers.
If you think that the simple encrypt/decrypt interface offered
by Firebird at this time is only poor because it does not offer
good key processing features ... think again.
The biggest problem with the interface is that it really only
supports ECB (electronic code book) encryption - and for
something like a Firebird database this is effectively useless.
You will have spent all this CPU on encrypting data and yet
provided effectively no security at all.
Anyone looking to implement actual encryption (rather than just
something to while-away the CPU cycles) needs to understand
block-ciphers and how to implement them securely. You could
start trying to understand them here:
http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation
That article doesn't mention XTS, which you'd probably want to
investigate.
After getting some basic grounding you will want to look at
something more serious - something from specialists in the
subject, not from those that just dabble (I'm just a dabbler
too, but I know enough to understand how little I know).
You could try this book: http://www.schneier.com/book-ce.html
I've not read that one but it's much more up-to-date than my
copy of Applied Cryptography. (This is not an area where old
knowledge is good knowledge.)
--
Geoff Worboys
Telesis Computing
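
Added example (not part of the original post): a small Python demonstration of the ECB problem described above, next to an XEX-style per-page tweak of the kind XTS builds on. The block cipher is a stand-in Feistel construction over HMAC-SHA256 rather than AES, the tweak derivation is a simplification and not conformant XTS, and the page layout, keys and function names are constructed for illustration.

```python
import hashlib
import hmac

BLOCK = 16  # bytes per cipher block, the same size as AES


def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Stand-in block cipher (4-round Feistel over HMAC-SHA256). Not AES; demo only."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:8]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ecb_page(key: bytes, page: bytes) -> bytes:
    """ECB: every block is encrypted independently, with no position input."""
    return b"".join(encrypt_block(key, page[i:i + BLOCK])
                    for i in range(0, len(page), BLOCK))


def tweaked_page(key: bytes, tweak_key: bytes, page_no: int, page: bytes) -> bytes:
    """XEX-style sketch: mask each block with a value bound to (page, block index)."""
    out = []
    for n, i in enumerate(range(0, len(page), BLOCK)):
        mask = encrypt_block(tweak_key, page_no.to_bytes(8, "big") + n.to_bytes(8, "big"))
        out.append(xor(encrypt_block(key, xor(page[i:i + BLOCK], mask)), mask))
    return b"".join(out)


def repeated_blocks(ciphertexts: list) -> int:
    """Number of ciphertext blocks whose value occurs more than once."""
    blocks = [ct[i:i + BLOCK] for ct in ciphertexts for i in range(0, len(ct), BLOCK)]
    return sum(1 for b in blocks if blocks.count(b) > 1)


# Constructed sample: two 64-byte "database pages" made of 16-byte fields.
PAGES = [
    b"ROW 0001 ALICE  " b"STATUS = ACTIVE " b"ROW 0002 BOB    " b"STATUS = ACTIVE ",
    b"ROW 0003 CAROL  " b"STATUS = ACTIVE " b"ROW 0004 DAVE   " b"STATUS = CLOSED ",
]
KEY, TWEAK_KEY = b"constructed-key-1", b"constructed-key-2"

ECB = [ecb_page(KEY, p) for p in PAGES]
TWEAKED = [tweaked_page(KEY, TWEAK_KEY, n, p) for n, p in enumerate(PAGES)]

if __name__ == "__main__":
    print("repeated blocks, ECB:    ", repeated_blocks(ECB))
    print("repeated blocks, tweaked:", repeated_blocks(TWEAKED))
```

Under ECB the three identical `STATUS = ACTIVE ` fields encrypt to the same ciphertext block wherever they sit, so equal values are visible across rows and pages without the key; with the position-bound mask no block repeats.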