[aerogear-dev] Should encrypted store fail to open when passphrase is wrong?

Bruno Oliveira bruno at abstractj.org
Tue Jan 21 09:26:41 EST 2014



--  
abstractj

On January 21, 2014 at 12:18:34 PM, Tadeas Kriz (tkriz at redhat.com) wrote:
> > You can’t compare EncryptedSQLStore with SQLCipher. Completely

Keep in mind that I never did that ;)
   
> different way of encryption. SQLCipher encrypts the database  
> page by page (mostly chunks of 1024 bytes), but EncryptedSQLStore  
> encrypts only the data row by row individually (check [1] for  
> very simple comparsion). That’s completely different approach.  
> This way you can find out if the passphrase is right by calling  
> basically any SQL command and an exception will be thrown if it  
> won’t succeed. That’s something that cannot be achieved with  
> current EncryptedSQLStore implementation. The EncryptedSQLStore  
> already saves IV and Salt in separate table. It wouldn’t be a problem,  
> performance issue or space issue to add one more row, which the  
> EncryptedSQLStore would try to decrypt and if successful, that’d  
> mean the passphrase is correct. The value of that row might be  
> just an encrypted JSON with random key and value. That way, you’d  
> check if the decrypted is valid JSON. There should be no security  
> issue with that, or is there?

I never mentioned “security issue” in any kind of e-mail or Jira.



More information about the aerogear-dev mailing list