Subject Re: [firebird-support] FB Embedded: Table Field encryption questions
Author Geoff Worboys
> My main concern yesterday was whether using XOR encryption
> could be used for incremental searches, which my program
> uses a lot. I would like to let anyone interested know that
> it does just fine. In other words, XOR encrypts the first
> two letters of a partial word the same as it would the first
> two characters of the full word. This will make searching
> on the main descriptors of the treeview possible.

Yes, this is true. As long as everyone understands that such
a scheme is only obscuring the text - it is not very secure.
To quote my copy of "Applied Cryptography" by Bruce Schneier:
"It's an embarrassment to put this algorithm in a book" :-)

> Other encryption schemes seem to add characters to the string
> being encrypted such that merely two characters would be
> different from the first two characters of the full word.
> (Maybe I'm wrong on this? but I seemed to have seen this with
> BlowFish as an example.)

What you will find is that strong encryption first performs
compression. Depending on the schemes used, etc., this will often
result in growth rather than compression when used on very
small inputs. When you add the sophistication of strong
encryption your output will (hopefully) be quite unpredictable.

> I appreciate that this topic is somewhat off topic, but I
> know I'm not the only one who's had such concerns with a
> desktop system with a distributed DB and using FB embedded.
> Thanks to the monitors for allowing this discussion.

Given the number of questions relating to security lately
I don't think this was too far off-topic for this group.

--
Geoff Worboys
Telesis Computing
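
The property discussed in this message, as an added example that is not part of the original post: with a repeating-key XOR, a typed prefix encrypts to a prefix of the stored ciphertext, which is what makes incremental search work, and the same byte-for-byte determinism is why the scheme only obscures the text. The key, the column values and all function names are constructed for illustration.

```python
from itertools import cycle

KEY = b"k3y!"  # constructed sample key, not from the thread


def xor_field(data: bytes, key: bytes = KEY) -> bytes:
    """Repeating-key XOR; the same call encrypts and decrypts."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def prefix_search(rows: list[bytes], typed: str, key: bytes = KEY) -> list[bytes]:
    """Incremental search done entirely on stored ciphertext."""
    needle = xor_field(typed.encode(), key)
    return [r for r in rows if r.startswith(needle)]


def keystream_from_known_pair(plain: bytes, cipher: bytes) -> bytes:
    """plain XOR cipher yields the key byte used at each position."""
    return bytes(p ^ c for p, c in zip(plain, cipher))


def read_with_keystream(cipher: bytes, stream: bytes) -> bytes:
    """Decode as much of another field as the recovered keystream covers."""
    return bytes(c ^ s for c, s in zip(cipher, stream))


# Constructed sample column values (treeview descriptors).
NAMES = [b"Invoices", b"Inventory", b"Customers"]
STORED = [xor_field(n) for n in NAMES]

if __name__ == "__main__":
    # Typing "In" matches both rows that start with it, without decrypting.
    hits = prefix_search(STORED, "In")
    print([xor_field(h).decode() for h in hits])

    # One field whose plaintext is known exposes the keystream for every row.
    stream = keystream_from_known_pair(NAMES[0], STORED[0])
    print(stream, read_with_keystream(STORED[2], stream))
```

Anyone who can guess a single stored value reads the rest of the column, so data that needs real confidentiality calls for an authenticated cipher and a separate approach to searching.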