DB File Encryption Password Expansion
Posted: Sun 22 Jun 2014 11:29
Hi Guys,
I'm considering using AES-128 encryption for my database file. Is there a "Password Expansion" or "Key Derivation Function" (like PBKDF2) performed on the encryption key after it is passed to EncryptDatabase(NewEncryptionKey: string);
If so, could you talk about which one was chosen, or at least what exactly happens to the key before it is sent to the AES algorithm? Since the TLiteConnection.EncryptionKey property in the component is a unicode string, it makes me think that it expects values that look more like casual text passwords (like "11111"), and not the actual keys used for the cipher algorithm, which would be more like 128bit random-looking binary data.
What I'm ultimately trying to understand is the amount of protection the system provides against attacks on the cryptography.
Thanks,
Bill.
I'm considering using AES-128 encryption for my database file. Is there a "Password Expansion" or "Key Derivation Function" (like PBKDF2) performed on the encryption key after it is passed to EncryptDatabase(NewEncryptionKey: string);
If so, could you talk about which one was chosen, or at least what exactly happens to the key before it is sent to the AES algorithm? Since the TLiteConnection.EncryptionKey property in the component is a unicode string, it makes me think that it expects values that look more like casual text passwords (like "11111"), and not the actual keys used for the cipher algorithm, which would be more like 128bit random-looking binary data.
What I'm ultimately trying to understand is the amount of protection the system provides against attacks on the cryptography.
Thanks,
Bill.