Comments (1)
I agree that the current behavior is non-ideal. A better approach is to return an error and prevent accessing encrypted databases if entropy generation fails. Maybe also spam error messages to stderr
given the critical security implications of the failure. In practice, entropy generation should never be broken except maybe on emulators or early in the boot of embedded systems.
In my opinion, the best solution would be to avoid pseudorandom number generation altogether by switching to deterministic nonces based on counters or hashes. However, maintaining persistent counter(s) in a simple and efficient way is an unsolved problem in the context of SQLite3 encryption extensions. Hashing the plaintext contents of a database page incurs a small performance hit but would be easy to implement. Replacing the hash algorithm with keyed BLAKE2 (or other HMAC) would be nice as the result could serve as a MAC and nonce for ChaCha20 at the same time (allowing removal of Poly1305, but that would break compatibility).
Anyway, I will modify the code to return errors on failing entropy generation. And maybe consider the fancy HMAC nonces for the next major version of sqleet (if there ever will be one).
from sqleet.
Related Issues (20)
- Problem with memory databases and encryption HOT 13
- Error compiling in Xcode - Clang HOT 2
- sqleet v1 cryptosystem HOT 5
- PRAGMA for header, salt, kdf rounds and skip
- Sqleet Shell's URI Interface miss(behavior) across different platforms & compilers
- SQLite 3.32.3 build issues HOT 3
- What are the plans for SQLeet? HOT 17
- Any way to compile on MacOS? HOT 4
- Database size limit
- Fatal signal 11 after set rekey for unencrypted database HOT 1
- Question: Anyway to open encrypted DB with DB Browser SQLite (SQLCipher)? HOT 4
- Anyway to fix broken encrypted database? HOT 2
- How to use SQLeet encryption for Room?
- compilation issue HOT 1
- Question: Is there a way to check if a database has been encrypted in sqleet? HOT 4
- Bugs from SQLite 3.31.1 in sqleet
- compile error libsqleet
- [Fixed] encryption on Android not working
- How to support such a statement "ATTACH DATABASE x AS y KEY z"? HOT 1
- Cannot open SQLCiper database
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sqleet.