[aerogear-dev] Should encrypted store fail to open when passphrase is wrong?
Bruno Oliveira
bruno at abstractj.org
Tue Jan 21 09:26:41 EST 2014
--
abstractj
On January 21, 2014 at 12:18:34 PM, Tadeas Kriz (tkriz at redhat.com) wrote:
> > You can’t compare EncryptedSQLStore with SQLCipher. Completely
Keep in mind that I never did that ;)
> different way of encryption. SQLCipher encrypts the database
> page by page (mostly chunks of 1024 bytes), but EncryptedSQLStore
> encrypts only the data row by row individually (check [1] for
> very simple comparsion). That’s completely different approach.
> This way you can find out if the passphrase is right by calling
> basically any SQL command and an exception will be thrown if it
> won’t succeed. That’s something that cannot be achieved with
> current EncryptedSQLStore implementation. The EncryptedSQLStore
> already saves IV and Salt in separate table. It wouldn’t be a problem,
> performance issue or space issue to add one more row, which the
> EncryptedSQLStore would try to decrypt and if successful, that’d
> mean the passphrase is correct. The value of that row might be
> just an encrypted JSON with random key and value. That way, you’d
> check if the decrypted is valid JSON. There should be no security
> issue with that, or is there?
I never mentioned “security issue” in any kind of e-mail or Jira.
More information about the aerogear-dev
mailing list