Subject Re: [Firebird-Architect] Re: database encryption
Author Alex Peshkoff
On 11/07/10 05:30, Jim Starkey wrote:
> This is absurd. Line and database file encryption is a perfectly
> reasonable request and well within the state of the art.

Moreover, they (specially line encryption) are in our roadmap for FB3.

> Throwing a
> bunch of bogus objections at it will not make it go away. Yes, on one
> hand, a provably secure solution assuming that DNS and the OS have been
> successfully hijacked is not feasible, but that isn't necessary.
> I suggest there are two basic requirements:
> 1. Defensible line security to level of AES, including intelligent
> use of PKES for key exchange
> 2. File (page) level encryption to defeat inquiring eyes.

I suggest here not to go into details of crypt implementation (what
algorithm, what library, etc.). Instead interfaces needed to support
line & file encryption should be defined.

> Perfect security is myth, of course. But
> practical security that would take a realistic millennium to break is
> achievable with relative little work.