Support Forums - View Thread

View Thread

The following is the text of the current message along with any replies.

Messages 1 to 4 of 4 total

Mon, Sep 21 2009 5:41 AM	Permanent Link
"M.Sandra"	DBISAM 4 default encryption is 128 bit Blowfish, right? Where is stored the 128-bit key in the engine? Can it be customized? Second question: in the process of upgrade of my tables from v3 to v4 i'd like not only to have the strongest possible encryption for data, but also secure password that cannot be "cracked" with some tools just like those for v3. How are the table passwords stored in the tables? encrypted with blowfish as well? thanks in advance for enlightening Sandra
Mon, Sep 21 2009 11:10 AM	Permanent Link
"Raul"	Tim can cover it properly but i'll take a stab at it: The plain text password itself is not stored anywhere - password is hashed with MD5 and resulting hash encrypted usign Blowfish again and then stored. Tim allows you to customize engine and use alternative encryption (you would have to provide it)- see Encryption section for more details. As for changing any of the actual encryption init values - if you have source code then you can check on it but obviously you would be creating something that is at the very least incompatible with normal DBISAM and may even end up being weaker. The 128-bit key is likely output from MD5 hashing (i'm guessing it consits of password + salt) - Tim please correct me here - so there likely is no hard-coded 128 bit key. Raul "M.Sandra" <nospam@nospam.com> wrote in message news:363E4CFB-8A51-4A33-A7E7-48BDDBB8E324@news.elevatesoft.com... > DBISAM 4 default encryption is 128 bit Blowfish, right? > > Where is stored the 128-bit key in the engine? > Can it be customized? > > Second question: in the process of upgrade of my tables from v3 to v4 i'd > like not only to have the strongest possible encryption for data, but also > secure password that cannot be "cracked" with some tools just like those > for v3. How are the table passwords stored in the tables? encrypted with > blowfish as well? > > thanks in advance for enlightening > Sandra
Tue, Sep 22 2009 12:12 PM	Permanent Link
Tim Young [Elevate Software] Elevate Software, Inc. timyoung@elevatesoft.com	Raul, << The plain text password itself is not stored anywhere - password is hashed with MD5 and resulting hash encrypted usign Blowfish again and then stored. >> Correct. << Tim allows you to customize engine and use alternative encryption (you would have to provide it)- see Encryption section for more details. >> Correct. << The 128-bit key is likely output from MD5 hashing (i'm guessing it consits of password + salt) - Tim please correct me here - so there likely is no hard-coded 128 bit key. >> Correct. -- Tim Young Elevate Software www.elevatesoft.com
Tue, Sep 22 2009 1:05 PM	Permanent Link
"Alessandra"	Tim Young [Elevate Software] wrote: > << The 128-bit key is likely output from MD5 hashing (i'm guessing it > consits of password + salt) - Tim please correct me here - so there > likely is no hard-coded 128 bit key. >> > > Correct. thanks to both of you for enlightening the topic. I actually won't change anything with encryption, but rather will use a long password, to make things impossible ( ) for data-crackers. Sandra