| Subject | Re: Encryption |
|---|---|
| Author | Maverick Thunder |
| Post date | 2009-06-18T13:51:25Z |
> We do not need to argue the merits of key management for UDFI agree that there is no 100% secure thing but let me explain my point with another
> encryption... because you have still not solved the original
> point of my response to the UDF suggestion: patterns.
>
> Take a look at this as an example:
> http://www.truecrypt.org/docs/?s=how-to-back-up-securely
> with the repeated warnings not to let a potential attacker get
> copies of the encrypted volume over successive periods in time.
> These warnings are given because it is possible to analyse the
> changes and get hints towards the encryption key.
>
> Now multiply that by the number of rows in which you are going
> to store encrypted fields... then add in the old version row
> data that have not yet been cleaned up.
>
> Then weaken the encryption scheme according to the large number
> of hints available in the surrounding plain-text data. Perhaps
> it is known the encrypted data is text, perhaps the surrounding
> data makes it possible to make good guesses at the actual
> contents of just one or two of the fields (with the UDF
> restrictions on encryption this is effectively the same as
> handing the attacker the key).
>
> But wait, there's more:
>
> You are wanting to encrypt because you believe an attacker may
> be able to read the source/original field data. (If they never
> see it you would not need to encrypt it.) If the attacker is
> an authorised user it may well be that they can prime the field
> with known data... they read back the encrypted result and once
> again you have handed them the key.
>
> If all you want to do is stop your little brother from reading
> your diary then some simple obscuring of data may be all you
> need (beware of under-estimating the younger generations ;-).
> I would much rather we did not attempt to pretend it was real
> security.
>
> Sure there are many commercial enterprises out there selling
> products with "strong encryption" features worth almost as much
> as the paper it was printed on, but Firebird does not have to
> follow their example.
>
> --
> Geoff Worboys
> Telesis Computing
example: TV Cable digital signals, for e.g., DCT-700 decoder made by motorola used in
several countries.
Only very few people that works in Motorola knows the key pairs used but it is known that
it uses 3DES algorithm. Well, there is too many people around the world trying to hack the
encryption to see cable tv free and/or sell "tweaked" decoders but for now there is no
success. Also you have access to millons and millons of rows alias packets you can analyze
because cable company are sending them always in their transmition.
But I repeat, there is no success, at least for now. I think that the problem of using a
very strong encryption is that the process of encrypt/decrypt is slow and always we finish
using something that does not dropdown db performance.
Regards,
Mauro H. Leggieri