Subject | Re: [Firebird-Architect] Re: database encryption |
---|---|
Author | Paul Vinkenoog |
Post date | 2010-11-08T01:49:17Z |
Geoff Worboys wrote:
> Sorry, I think the correct term here is probably a
> chosen-plaintext attack, not replay. But then I did warn
> you I'm just an amateur. The main point being that combined
> with my points 3 and 5 this can be a very useful strategy
> against something like ECB.

It seems that AES is pretty robust against known-plaintext attacks.
Still, ECB should always be avoided if possible. But as you know
(amateur or not ;-)) chaining modes with a random IV are easy to
implement. Compressing the data prior to encryption - to reduce
redundancy - makes the ciphertext even harder to decrypt, but comes
with a performance penalty that may be too severe for our case.
I'm in no way a cryptography expert, but I did study the basics
because I sometimes need encryption in software I write, and
especially when it comes to data protection I want to know what
I am doing - how things work and why. Built-in encryption in
Firebird *is* feasible and you don't have to be a rocket scientist
to implement it - but if it's worth the work (and/or the money)
is not for me to decide.
If it is implemented (well) I'll probably use it. If not, I'll
just keep encrypting some data client-side before storing them.
Paul Vinkenoog
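
The contrast between ECB and a chaining mode with a random IV, shown on a constructed 4096-byte database page (an added example, not part of the original post and not Firebird code). A hash-based Feistel network stands in for AES so the script needs only the standard library; the key, the page contents and all function names are assumptions for illustration, and the page length is assumed to be a multiple of the block size, so no padding is applied.

```python
import hashlib, hmac, os

BLOCK = 16  # bytes, the AES block size
KEY = b"constructed-demo-key"  # constructed sample key
# Constructed 4096-byte page: 8 identical row blocks, then zero-filled free space.
PAGE = b"ROW: status=OPEN" * 8 + bytes(4096 - 128)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):  # Feistel round function: keyed hash cut to half a block
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]

def encrypt_block(key, blk):  # stand-in for AES (assumption), demo only
    l, r = blk[:8], blk[8:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def decrypt_block(key, blk):
    l, r = blk[:8], blk[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, page):  # every block encrypted independently
    return b"".join(encrypt_block(key, b) for b in blocks(page))

def cbc_encrypt(key, page):  # fresh random IV per page write, stored in front
    prev = os.urandom(BLOCK)
    out = [prev]
    for b in blocks(page):
        prev = encrypt_block(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, data):
    bs = blocks(data)
    return b"".join(_xor(decrypt_block(key, c), p) for p, c in zip(bs, bs[1:]))

def repeated_blocks(ct):  # ciphertext blocks that duplicate an earlier one
    bs = blocks(ct)
    return len(bs) - len(set(bs))

if __name__ == "__main__":
    print("ECB repeats:", repeated_blocks(ecb_encrypt(KEY, PAGE)))
    print("CBC repeats:", repeated_blocks(cbc_encrypt(KEY, PAGE)))
```

On this page ECB leaves 254 of the 256 ciphertext blocks as repeats of an earlier block, while CBC with a random IV leaves none and produces a different ciphertext on every write of the same page.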