Subject Re: [Firebird-Architect] Block Encryption, Initialization Vector, and Security
Author Alex Peshkoff
On 11/09/10 21:50, Jim Starkey wrote:
> The line protocol is a different matter entirely. The packets are more
> deterministic and have less infrastructure than data pages, aren't
> compressed (last time I looked, at least). Carefully analyzed, it is
> distinctly possible that useful information might leak. Here, CBC is
> important. But is the initialization vector significant? If there were
> any chance that two sessions would play out identically, perhaps. But
> the nature of the protocol makes this virtually impossible.

This is very important. Certainly, we may add compression before crypt.
But this does not solve a problem with a lot of small packets (like
op_response) that have very deterministic nature.

But first of all I need to know - do you suggest to start CBC for each
package or treat the flow of packages as a single object to crypt? The
second approach is definitely more secure, but in case of lost single
package we are in trouble.