Subject Re: [firebird-support] Re: Encryption and changing laws
Author Geoff Worboys
Ed Dressel wrote:
>> when you ask this question?

> I have read that before, and while I understand it, it comes
> across academic (a view from the classroom) verses reality
> (a view from the trenches). I live in the trenches.

Actually it was written by someone that does not even have a
diploma, is almost entirely self-taught and has spent the last
20 years involved in developing database applications for
various businesses.

If it comes across academic... well that is coincidental.

> To put it in a nutshell: there are reasons other database
> systems support encryption at the database level.

Yes, it's called marketing. Mostly it has very little to do
with security issues addressed by my article.

Your original post was about user-data security not metadata
security and there are viable solutions this problem. Yes a
database engine could implement such solutions, but whether it
is a good idea for a project with limited resources to do so
is much less certain (and I cannot speak for the developers to
say whether it is likely in Firebird or not).

You face the real dilemma that your clients have heard of
encryption and believe that encryption = security - and I
well understand that instructing clients about these sorts
of subjects can be difficult.

If you sell the application to your clients as a package then
it should be feasible to re-package your product to install
TrueCrypt or similar product. This is essentially the same
result as if the database engine did the encryption:

. it is a bit less convenient perhaps, although mostly
any inconvenience is about better security

. it will offer more options and better overall security
than you will see from encryption embedded in Firebird
in any useful time-frame:
. support for security tokens and smart-cards
. support for key files (which could be on thumb
drives like a simple security token)
. support for split keys (require multiple people
to authorise access)
. cascaded encryption (so even if one algorithm
is found weak the other may protect)
. supported and studied by experts in the field

It is not that Firebird could not do these things but it is
unlikely it will ever do them as well (nor as securely) as
you see in dedicated products like TrueCrypt, BestCrypt or
PGPDisk. Against such competition it becomes difficult to
justify spending time implementing encryption inside Firebird.

Geoff Worboys
Telesis Computing