[Botan-devel] SQLite3 encryption codec with Botan

Jack Lloyd lloyd at randombit.net
Tue Apr 14 22:05:09 EDT 2009


On Wed, Apr 15, 2009 at 09:51:21AM +0800, Mr Diggilin wrote:
> Thank you again for the detailed explanation, seems pretty clear now.
> The only thing I'm left wondering is the first question I had about
> deriving the key. Should I be using a PBKDF? If so, how should it be
> salted?

PBKDF2 is still a good choice, since the initial input is a human
generated password: using a high iteration count (10000 or more) would
make dictionary attacks more expensive, and using a randomly generated
though fixed salt would ensure that someone doing a dictionary attack
had to attack your scheme specifically. Both of these are useful.

> Also, is the page number (or something based of the page number
> perhaps?) a good choice for an IV?

One decent way of generating an IV: in addition to generating the
cipher key with the PBKDF, generate an additional MAC key. For each
page, take the MAC of the page number and then use that value as the
IV. For this purpose, CMAC (with the same cipher), would be
particularly convenient, since the output size of the MAC will match
the block size of the cipher.

-Jack



More information about the botan-devel mailing list