I’m considering using an encrypted database for a new application. I have a question about the encrypted state of the database when in use.
Remains the database encrypted when it is opened and connected? Between read/write cycles?
Yes
You can add encryption to an existing unencrypted database.
You can decrypt to an existing encrypted database.
You do not need to decrypt an encrypted database before using it, but you must provide the encryption password to connect to it. Once open you use the encrypted database as normal.
If you forget your encryption password YOU cannot easily decrypt it, but the NSA can i.e. it’s not uncrackable.
Is there a way to make it uncrackable?!
short answer is no.
longer answer is we (collective we) use the strongest encryption we can, to make it difficult and time consuming to decrypt/crack our data. Any encrypted data can be cracked when enough Time/Resources is thrown at it.
sb
AES256 with a several times hashed password with salt will make it unlikely that someone cracks it technically.
It’s than more likely someone will ask you for the key directly.
If a enough talented person have access to a piece of code that correctly access an encrypted database, then he/she can recover the access key. You must use obfuscation techniques to hide such information from less talented persons.
[quote=219459:@scott boss]short answer is no.
longer answer is we (collective we) use the strongest encryption we can, to make it difficult and time consuming to decrypt/crack our data. Any encrypted data can be cracked when enough Time/Resources is thrown at it.
sb[/quote]
The answer is YES. But it would take some resources to do so. You probably can’t provide it yourself.
There are ways though, but those ways require you not to share it on a public forum.
A more simple way is what Christian told you. Multiple hashing and hiding the salt and pass from memory. Make sure you have it only so long you need it, and dispose of the information as soon as possible. Base64 encode and split it up in your own way.
Ok. I thought that once you connect the db is decrypted but I understand that’s not the case.
From a performance perspective, It’s very hard for me to tell there is a difference when it is encrypted. In most cases I don’t notice at all and when I fetch a lot of data, it’s very slight. Maybe 2% to 3% difference in speed, which is negligible when the goal is keeping the data secure.
Not at all
It remains encrypted
Dr Hipps code actually makes it so the db engine reads and deals with the encrypted data as though it were not encrypted at all while actually leaving everything encrypted
I sure wish my favorite database editor, Navicat, supported Dr. Hipps. When I debug a problem and have to go to the Editor, I have to decrypt it first. It’s only a click on a button, but still kind of pain.
Esp since the fee is a one time thing
Not like it would bankrupt them
Pardon my ignorance in cryptology. I thought AES-128 was safe to enough to spend a lot of money on decrypting a encrypted SQLite DB. Is still AES-128 encryption or SQLite encryption more than enough to be safe? Don’t know if AES-128 has been compromised or encryption in SQLite within Xojo is not secure.
I have the had the same problem with Navicat ( Premium Essencials ) and read here that SQLiteManager is compatible with Xojo SQLite encryption. I tried it, and while not as powerful as Navicat in some areas, works pretty well. Worth the money invested, as I’m now with encrypted databases.
Thanks, I own SQLiteManager as well, but my personal preference is Navicat.
You can use AES 256 if you like…
Please mark Christian post at https://forum.xojo.com/conversation/post/219138 as “Answer the question”.