Security level of full encryption of the SQLite database?

Hello,


We encrypt by default with a key contained in the application. When you add your own password, it is used as a salt to generate a new encryption key.

Is there more specific that you require?

Best regards,

which encryption algorithm do you use?

Hello,


Sorry I got sidetracked by the fact that we use your provided password as a salt and didn't realize you were talking about the content of the database instead of the password to access it.

For a SQLite database, we only protect it with a password, be it our own or salted with yours. The content itself is not encrypted, except for the passwords which are encrypted with AES 256 bit encryption.

If you would like to encrypt the sessions themselves you would need to use an Advanced data source and apply a Security Provider.

Sorry about my confusion.

Best regards,

thank you!

let's see if I understood correctly.

When the user sets a "master password", it has 2 effects:

Is it correct?

please, Maurice Cote, can you confirm?

thank you!

Hello,


I had a discussion with the CTO and there are two SQLite wrappers in RDM. The offline cache, and the data source.

Lets forget the offline cache, because its not the default cache engine anymore. That's the one that has the salt.

For SQLite as a datasource, we do not alter the password in any way. If you do not apply a password on the file, it is not encrypted.

The content of the database is not encrypted either, the exception being for the session passwords that we always encrypt with AES 256 encryption, thats with a key that is built-in RDM.

A word of warning from our CTO, to read a SQLite database that has a password, you must use the same library that has been used to apply it. In our case System.Data.SQLite. If you try it with the firefox extension or some other tool, it will not work.


Best regards,