System.Data.SQLite

Ticket Hash: 537b718e1b4e231b8ba68c1a5ad1a85a738c991b
Title: Use of RC4 for database encryption
Status: Deferred
Type: Feature_Request
Severity: Important
Priority: Medium
Subsystem: Legacy_CryptoAPI
Resolution: Rejected
Last Modified: 2016-02-15 20:09:33
Version Found In: 1.0.98.0
User Comments:
anonymous added on 2015-09-09 16:06:31: (text/x-fossil-plain)
When using Password=password to encrypt a database, the encryption algorithm is RC4 (crypt.c line 249):

CryptDeriveKey(g_hProvider, CALG_RC4, hHash, 0, &hKey);

Is there some reason this couldn't be updated to be a stronger algorithm such as AES256? I've made code changes in my own build using CALG_AES_256 which works fine.

Understandably this would have to go in as another option to allow existing databases encrypted with RC4 to be opened, but it would make a valuable addition.

anonymous added on 2016-02-15 10:11:56: (text/x-fossil-plain)
A little more than a week ago I submitted a patch to drh@sqlite.org which addresses this issue by providing additional encryption algorithms while also maintaining compatibility with the RC4 encryption, and I am now awaiting some feedback.