db-derby-dev mailing list archives

From Daniel John Debrunner <...@debrunners.com>
Subject Re: Regarding Derby42 : Do not store the encryption key length and the encryption block size in service.properties:
Date Tue, 19 Oct 2004 17:17:16 GMT

Sunitha Kambhampati wrote:

> Do not store the encryption key length and the encryption block size in
> service.properties for encrypted database when external key is used.
>
> Regarding fix for derby 42
> (http://nagoya.apache.org/jira/browse/DERBY-42):
> 1) The encryption key length is used only for error checking and the fix
> to not store this information is OK and simple. Also attached is patch
> to fix this first part.
>
> 2) However, removing the encryption block size property is a little more
> involved:
> Currently, the encryption block size is obtained during creation of the
> encrypted database and stored in service.properties. On subsequent
> connections, this stored value is used for padding of logs.

I think that Derby-42 should just be for removing the key length from
service.properties. That would then be fixed with your patch.

Then maybe a separate issue for handling the block size. There are two
issues I see for block size.

1) Does having the block size in service.properties compromise the
security of an encrypted database in any way? E.g. does it give a clue to
the key length or algorithm?

2) Since default block size is provider specific (from Javadoc for
Cipher), what does the Derby code do with the block size when an
encrypted database is booted? Does it request an algorithm with that
block size?

Dan.
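
Added example, not part of the original message and not Derby code: one way to check what a stored block size reveals, by asking the installed JCE provider for the block size of several ciphers and grouping them. The class name, the candidate list, the constructed keys and the CBC/NoPadding transformation are assumptions made for illustration. All AES key lengths report a 16-byte block, while DES, DESede and Blowfish all report 8 bytes, so the value narrows the cipher family without identifying the key length.

```java
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class BlockSizeInference {
    // Constructed candidates {algorithm, key length in bytes}; not a list taken from Derby.
    static final Object[][] CANDIDATES = {
        {"DES", 8}, {"DESede", 24}, {"Blowfish", 16}, {"Blowfish", 32},
        {"AES", 16}, {"AES", 24}, {"AES", 32},
    };

    /** Groups every candidate the installed provider accepts by the block size it reports. */
    static Map<Integer, List<String>> groupByBlockSize() {
        Map<Integer, List<String>> groups = new TreeMap<>();
        for (Object[] c : CANDIDATES) {
            String alg = (String) c[0];
            int keyBytes = (Integer) c[1];
            byte[] key = new byte[keyBytes];
            for (int i = 0; i < key.length; i++) key[i] = (byte) (i + 1); // constructed test key
            try {
                Cipher cipher = Cipher.getInstance(alg + "/CBC/NoPadding");
                int blockSize = cipher.getBlockSize();
                // init() confirms the provider really accepts this key length.
                cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, alg),
                            new IvParameterSpec(new byte[blockSize]));
                groups.computeIfAbsent(blockSize, k -> new ArrayList<>())
                      .add(alg + " with " + (keyBytes * 8) + "-bit key");
            } catch (GeneralSecurityException e) {
                // Provider lacks the algorithm or rejects this key length: skip it.
            }
        }
        return groups;
    }

    public static void main(String[] args) {
        // Each line lists every candidate consistent with one observed block size.
        groupByBlockSize().forEach((blockSize, algs) ->
            System.out.println("block size " + blockSize + " bytes <- " + algs));
    }
}
```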