Re: [sqlite] How secure is encrypted sqlite database

On 28 Jul 2009, at 9:32pm, Ram G wrote:

> I have modified (credit goes to System.Data.SQLite) SQlite library to
> encrypt the database. File is encrypted and data insert/update/ 
> retrieval
> works fine.
>
> The question I have is, how secure is the encrypted database.

You seem to have implemented encryption yourself.  Or are you using  
the hwachi extension ?  Or sqlite-crypt ?  How secure is your own  
method of encryption ?  Do you wipe cleartext memory after doing your  
own encryption and decryption ?

> Please correct
> me if I am wrong, SQLite reads the file and stores some of the data  
> pages in
> memory. In the case of an encrypted database, the data cached in  
> memory
> pages is encrypted or clear text?

There has to be, at some stage, plaintext data in memory somewhere.   
Details of how it's handled should probably be either completely  
public, or as secret as practical.

If you want to have the best encryption of your SQLite data you should  
contact DRH, who maintains custom package which does exactly that (the  
hwachi one I mentioned earlier).  See

<http://www.hwaci.com/sw/sqlite/prosupport.html#crypto>

Simon.
_______________________________________________
sqlite-users mailing list
sqlite-users@xxxxxxxxxx
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users