System.Data.SQLite
View Ticket
Not logged in
Ticket UUID: a07ec7400847bbe78001354708c004c3a967e6ea
Title: RC4 is vulnerable
Status: Closed Type: Feature_Request
Severity: Important Priority: Medium
Subsystem: Legacy_CryptoAPI Resolution: Rejected
Last Modified: 2016-11-17 19:27:41
Version Found In: 1.0.102.0
User Comments:
anonymous added on 2016-11-09 15:46:01:
It appears that the ADO.NET wrapper we get from NuGet uses the Microsoft Enhanced Cryptography Provider which is using an algorithm called RC4 for encrypting the data. This is outdated and was shown to have vulnerabilities, hence why AES is the main algorithm in use today.

Request support of less vulnerable cryptographic functions to support privacy and HIPAA compliant applications.

mistachkin added on 2016-11-09 15:51:49:
The CryptoAPI-based encryption included with System.Data.SQLite is a
legacy feature, has known issues, and is officially unsupported.  It is
being retained only for the purpose of backward compatibility with legacy
applications that make use of it.

Alternatively, you might want to look into the commercial SEE extension,
which does work with System.Data.SQLite and is fully supported for use
with it.