[aerogear-dev] Should encrypted store fail to open when passphrase is wrong?
Tadeas Kriz
tkriz at redhat.com
Tue Jan 21 09:29:20 EST 2014
—
Tadeas Kriz
tkriz at redhat.com
On 21 Jan 2014, at 15:26, Bruno Oliveira <bruno at abstractj.org> wrote:
>
>
> --
> abstractj
>
> On January 21, 2014 at 12:18:34 PM, Tadeas Kriz (tkriz at redhat.com) wrote:
>>> You can’t compare EncryptedSQLStore with SQLCipher. Completely
>
> Keep in mind that I never did that ;)
Then I had to misunderstood the "APIs like SQLCipher don’t do that.”, sorry about that.
>> different way of encryption. SQLCipher encrypts the database
>> page by page (mostly chunks of 1024 bytes), but EncryptedSQLStore
>> encrypts only the data row by row individually (check [1] for
>> very simple comparsion). That’s completely different approach.
>> This way you can find out if the passphrase is right by calling
>> basically any SQL command and an exception will be thrown if it
>> won’t succeed. That’s something that cannot be achieved with
>> current EncryptedSQLStore implementation. The EncryptedSQLStore
>> already saves IV and Salt in separate table. It wouldn’t be a problem,
>> performance issue or space issue to add one more row, which the
>> EncryptedSQLStore would try to decrypt and if successful, that’d
>> mean the passphrase is correct. The value of that row might be
>> just an encrypted JSON with random key and value. That way, you’d
>> check if the decrypted is valid JSON. There should be no security
>> issue with that, or is there?
>
> I never mentioned “security issue” in any kind of e-mail or Jira.
Then why would it be a problem?
More information about the aerogear-dev
mailing list