SQLite Encryption Strength?

Last post 07-28-2009 2:02 PM by Robert Simpson. 16 replies.

Page 2 of 2 (17 items) < Previous 1 2
	Sort Posts: Previous Next

07-28-2009 1:41 PM In reply to

IronyofLife
Joined on 07-28-2009
Posts 1

Re: SQLite Encryption Strength?

Reply Contact

First of all, thanks to you for creating this wonderful package and making it available to all. I have successfully integrated your library into my application. I do realize that this thread is close to 2 years old. Hope you can reply to my question. Sqlite database is a flat file and as such does not offer much protection. Encrypting it makes it harder to read and depending on the strength of the encryption technology, it may or may not be possible to hack it by brute force. However, SQLite stores pages of data in memory and in the case of encrypted database, is the data in the pages encrypted and decryption happens when it is actually queried? In other words how secure is encryption for a determined hacker employing tools to read the data from memory. Thanks very much in advance.

07-28-2009 2:02 PM In reply to

Robert Simpson
Joined on 08-28-2005
Posts 2,712

Re: SQLite Encryption Strength?

Reply Contact

The .NET provider uses RC4 encryption. The entire file is encrypted, including the metadata. SQLite the engine may store unencrypted pages in its internal cache, but I don't really know for sure.

The bottom line is that nothing is safe from a hacker who has your binaries and database on his/her computer and is determined to read your data.

It is impossible to design an unhackable program that is designed to run on a local computer. Anytime a hacker has access to a debugger and locally-running code, you are vulnerable in some fashion or another.

Page 2 of 2 (17 items) < Previous 1 2