|Title:||Use of RC4 for database encryption|
|Last Modified:||2016-02-15 20:09:33|
|Version Found In:||188.8.131.52|
anonymous added on 2015-09-09 16:06:31:
When using Password=password to encrypt a database, the encryption algorithm is RC4 (crypt.c line 249): CryptDeriveKey(g_hProvider, CALG_RC4, hHash, 0, &hKey); Is there some reason this couldn't be updated to be a stronger algorithm such as AES265? I've made code changes in my own build using CALG_AES_256 which works fine. Understandably this would have to go in as another option to allow existing databases encrypted with RC4 to be opened, but it would make a valuable addition.
anonymous added on 2016-02-15 10:11:56:
I have submitted a patch to firstname.lastname@example.org which addresses this issue by providing additional encryption algorithms but also maintaining compatibility to the RC4 encryption a little more than a week ago and am now awaiting some feedback.