| Subject | Re: [Firebird-Architect] Re: database encryption |
|---|---|
| Author | Sijun Kang |
| Post date | 2010-11-07T12:25:05Z |
IMHO - if we can defend the content to the level of pushing the adversary to
decryption, that's already a success.
I assume that following some guidelines to use an algorithm properly is not
as difficult as designing a secure algorithm. Most of us maybe blind about
how to design a secure algorithm, but should not be treated as so blind when
it come to use it. After all, there are so many libraries that we can use
and there are some predecessors to follow (such as TrueCrypt).
2010/11/7 Geoff Worboys <geoff@...>
decryption, that's already a success.
I assume that following some guidelines to use an algorithm properly is not
as difficult as designing a secure algorithm. Most of us maybe blind about
how to design a secure algorithm, but should not be treated as so blind when
it come to use it. After all, there are so many libraries that we can use
and there are some predecessors to follow (such as TrueCrypt).
2010/11/7 Geoff Worboys <geoff@...>
> Dimitry Sibiryakov wrote:[Non-text portions of this message have been removed]
> > How strong is AES against known plaintext attack? Content
> > of some network packets and database pages can be predicted
> > with very high probability.
>
> As far as I know all symmetric encryption algorithms are
> deterministic and so are all subject to known-plaintext attack,
> but most of this sort of detail is in the implementation ... if
> you know how to do it properly you can cover such issues.
>
> Remember that the encryption algorithm is just one part of it,
> the protocol (both line and in-code) plays a critical part in
> making the algorithm secure. (This is the sort of stuff I was
> talking about with block-cipher modes of operation, I imagine
> the same sorts of techniques must apply to line encryption.)
> This is why you can't just pickup an algorithm and use it, you
> must understand how it should be used to ensure security.
>
> At the moment much of this conversation is the blind leading
> the blind. If anyone is going to take this project seriously
> they need to look at some appropriately qualified references.
> Something like the book I cited previously is likely to give
> you better advice than anything you will get on this list.
>
> Without real expertise on the project it may be relevant to
> try and use libraries with good reputations or see if you can
> find someone with the appropriate experience to help.
>
> --
> Geoff Worboys
> Telesis Computing
>
>
>
> ------------------------------------
>
> Yahoo! Groups Links
>
>
>
>