android - sqlcipher - How safe is SQLCipher? Has it been hacked?
It encrypts the SQLite database at page level. OK, that's fine, nothing wrong with that!
But what about the source code? It is compiled; if it is compiled, can't someone decompile it, retrieve the password, and decrypt the database?
How safe is SQLCipher?
According to the SQLCipher design documentation, it is based on secure components (AES, OpenSSL, HMAC_SHA1, PBKDF2,...). If those claims are correct, that sounds good to me.
What is a bit unusual (to me, at least) is that there is a random IV per page. That is different from the typical file system encryption mode, AES-XTS. The design used by SQLCipher has advantages over AES-XTS, for example writing the same data again does not result in the same encrypted page. However, there are possibly disadvantages, for example I'm not quite sure if with SQLCipher it is possible to move or copy pages (copy encrypted pages over another page). It might not be possible, but from the design document I don't see how it is prevented. There is such a risk if a non-standard encryption mode is used :-) If this is a problem, it wouldn't allow an attacker to read the data; it would allow other types of attacks. With AES-XTS, these types of attacks are possible, so I wouldn't be worried much.
What about the source code?
To keep things safe, don't store the password in the code. Instead, let the user enter the password, or store it in a key-chain. This is possible on both Android and iOS as far as I see, but I don't know the details.
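
The answer's open question about moving or copying encrypted pages, as an added example that is not part of the original post and is not SQLCipher's code: a generic sketch showing that a per-page HMAC which also covers the page number rejects a page copied into another slot, while a MAC over ciphertext and IV alone accepts it. The page layout, key size and function names are assumptions, and the ciphertext is constructed random bytes standing in for an encrypted page.

```python
import hashlib
import hmac
import os

IV_LEN = 16
MAC_LEN = 20  # HMAC-SHA1 output size (HMAC_SHA1 is the MAC named in the answer)


def seal_page(mac_key, pgno, ciphertext, bind_pgno=True):
    """Return ciphertext || random IV || HMAC tag for one page (assumed layout)."""
    iv = os.urandom(IV_LEN)  # fresh random IV on every page write
    msg = ciphertext + iv
    if bind_pgno:
        msg += pgno.to_bytes(4, "little")  # tie the tag to the page slot
    tag = hmac.new(mac_key, msg, hashlib.sha1).digest()
    return ciphertext + iv + tag


def verify_page(mac_key, pgno, stored, bind_pgno=True):
    """Check the tag of a stored page that was read from slot `pgno`."""
    body, tag = stored[:-MAC_LEN], stored[-MAC_LEN:]
    msg = body
    if bind_pgno:
        msg += pgno.to_bytes(4, "little")
    expected = hmac.new(mac_key, msg, hashlib.sha1).digest()
    return hmac.compare_digest(tag, expected)  # constant-time comparison


def page_move_detected(bind_pgno):
    """Copy sealed page 2 into slot 5; True if verification rejects the copy."""
    mac_key = os.urandom(32)     # constructed MAC key
    ciphertext = os.urandom(64)  # constructed stand-in for an encrypted page
    sealed = seal_page(mac_key, 2, ciphertext, bind_pgno)
    assert verify_page(mac_key, 2, sealed, bind_pgno)  # original slot verifies
    return not verify_page(mac_key, 5, sealed, bind_pgno)


if __name__ == "__main__":
    print("MAC covers page number ->", page_move_detected(True))
    print("MAC omits page number  ->", page_move_detected(False))
```
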