Ticket Hash: | a07ec7400847bbe78001354708c004c3a967e6ea | |||
Title: | RC4 is vulnerable | |||
Status: | Closed | Type: | Feature_Request | |
Severity: | Important | Priority: | Medium | |
Subsystem: | Legacy_CryptoAPI | Resolution: | Rejected | |
Last Modified: | 2016-11-17 19:27:41 | |||
Version Found In: | 1.0.102.0 | |||
User Comments: | ||||
anonymous added on 2016-11-09 15:46:01:
(text/x-fossil-plain)
It appears that the ADO.NET wrapper we get from NuGet uses the Microsoft Enhanced Cryptography Provider which is using an algorithm called RC4 for encrypting the data. This is outdated and was shown to have vulnerabilities, hence why AES is the main algorithm in use today. Request support of less vulnerable cryptographic functions to support privacy and HIPAA compliant applications. mistachkin added on 2016-11-09 15:51:49: (text/x-fossil-plain) The CryptoAPI-based encryption included with System.Data.SQLite is a legacy feature, has known issues, and is officially unsupported. It is being retained only for the purpose of backward compatibility with legacy applications that make use of it. Alternatively, you might want to look into the commercial SEE extension, which does work with System.Data.SQLite and is fully supported for use with it. |