Thursday
May242012

SQLCipher Core/Android 2.0.5 Released

DateThursday, May 24, 2012 at 5:51PM

We released version 2.0.5 of SQLCipher Core and SQLCipher for Android. This release builds on the many new changes we introduced in SQLCipher 2.0. Source for SQLCipher Core can be found here. SQLCipher for Android is available as a binary package here and in source format here. Here are some of the changes/additions highlighted in this release:

SQLCipher Core:

  • Based on SQLite 3.7.12.1
  • Add PRAGMA cipher_version to identify the SQLCipher version
  • Improved reporting of HMAC validation failure
  • Enable secure delete (wipes deleted page contents)
  • Detect and report errors if cipher context becomes corrupted

SQLCipher for Android:

  • Everything listed above in SQLCipher Core
  • Add SQLiteDatabaseHook interface providing preKey/postKey hooks into SQLiteDatabase
  • Adjustment to how RO/RW databases are handled in SQLiteOpenHelper
  • Restructure package from info.guardianproject.* to net.sqlcipher.*
  • Removed the build step for OpenSSL, we dynamically link to it
  • Add SQLiteDatabase.upgradeDatabaseFormatFromVersion1To2 to automate migrations from the 1.x to 2.0 database format
  • Add overload to SQLiteDatabase.loadLibs to specify an alternative directory for unzipping the ICU dat file

Please take a look, we welcome feedback. Thanks!

AuthorSQLCipher | CommentPost a Comment |
Tuesday
Mar202012

SQLCipher at the BlackHatEU ElcomSoft Presentation

DateTuesday, March 20, 2012 at 9:26AM

During the third day of the BlackHatEU conference, Andrey Belenko and Dmitry Sklyarov of ElcomSoft presented an analysis of iOS and Blackberry password managers entitled “Secure Password Managers” and “Military-Grade Encryption” on Smartphones: Oh, Really?. It was a complete analysis of 17 of the most popular password management programs showing that many password managers store data in an unencrypted format, "encrypted so poorly that they can be recovered instantly", or are susceptible to basic cracking techniques.

One of the apps reviewed in the paper was Zetetic's Strip Lite, which is backed entirely by SQLCipher. As such, the results of their findings hold true for all apps using SQLCipher. From the reports we've heard it was noted as the one exception that properly implemented strong cryptography, was "by far the most resilient app to password cracking", and the most secure app for iOS.

However, the paper includes some brute force cracking estimates that serve as an important reminder about the need to use a strong passphrase when encrypting data. Their estimates show clearly that given suitably fast GPUs it would be possible to brute force standard numeric PIN numbers due to their low entropy / small search space. 

This topic has been discussed exhaustively on the SQLCipher mailing list in the past, but the security of SQLCipher is highly dependent on the security of the key used. Even though we take great pains to increase the difficulty of brute force attacks using PBKDF2, and avoid dictionary / rainbow table attacks with the per database salt, these techniques can only be successful if a suitably strong key is chosen.

The original whitepaper contains all of the source information, and you can also read more about our initial thoughs on the analysis.

AuthorSQLCipher | CommentPost a Comment |
Tuesday
Mar132012

SQLCipher for Android 1.1 Released

DateTuesday, March 13, 2012 at 5:11PM

A new build of SQLCipher for Android is now available, binaries can be found here. With this latest release we've added support on the Android platform spanning versions 2.1 through 4.0.3. Due to our expanded support, a new ICU zip file entitled icudt46l.zip is being included which replaces the older icudt44l.zip. A tutorial covering application integration of SQLCipher for Android and building the source can be found here.

AuthorSQLCipher | CommentPost a Comment |
Tuesday
Mar062012

SQLCipher in The Busy Coder's Guide to Advanced Android Development

DateTuesday, March 6, 2012 at 4:10PM

The latest version of the Busy Coder's Guide to Advanced Android Development, published by CommonsWare, has recently been released. Chapter 21, Advanced Databases, is dedicated to database techniques like encryption. SQLCipher for Android is featured prominently along with a tutorial and discussion of proper integration techniques.

If you've been looking for a good book on advanced Android development topics that includes SQLCipher database encryption you should definitely check it out!

AuthorSQLCipher | CommentPost a Comment |
Thursday
Mar012012

PRAGMA cipher_default_use_hmac = OFF;

DateThursday, March 1, 2012 at 10:59AM

We needed a new PRAGMA! These things happen.

With the release of SQLCipher 2.0, a PRAGMA was added (cipher_use_hmac) which disabled the new per-page HMAC protection feature before opening a database, so that a developer wishing to run SQLCipher 2.0 against a 1.x database could do so. This was important to us because we wanted to provide an easy way for developers to migrate to the new database format. Generally speaking, you'd want to do something like this:

  1. Open the legacy database, set your key
  2. Call PRAGMA cipher_use_hmac = OFF; before opening the legacy database
  3. ATTACH a new, empty database, which will be encrypted by default and have HMAC on by default
  4. Copy your database into the attached database using sqlcipher_export()

That scenario looks about like this on the command line:

$> ./sqlite3 my-legacy-encrypted.db
sqlite> PRAGMA key = 's3cr37';
sqlite> PRAGMA cipher_use_hmac = OFF;
sqlite> ATTACH DATABASE 'new-sqlcipher2.db' AS newdb;
sqlite> SELECT sqlcipher_export('newdb');
sqlite> DETACH DATABASE newdb;

But there are other scenarios, ones in which we really needed to be able to ATTACH one legacy database to another (e.g. data replication). Even though we'd have called PRAGMA cipher_use_hmac = OFF; when opening the first database, the ATTACH operation assumed the new default format, and would report back "database is encrypted or is not a database."

We didn't wish to modify the ATTACH command, and we didn't want to change the behavior of cipher_use_hmac, as the latter's behavior is necessary for developers who wish to migrate and upgrade their databases. Instead, Stephen came up with a new PRAGMA, cipher_default_use_hmac, which is a globally applied setting in SQLCipher, allowing you to turn HMAC protection on and off before you open or ATTACH another encrypted database, so you only need to bother with one setting in your app. Here's an example (where custom_data_replicator() is a made-up function):

$> ./sqlite3 my-legacy-encrypted.db
sqlite> PRAGMA cipher_default_use_hmac = OFF;
sqlite> PRAGMA key = 's3cr37';
sqlite> ATTACH DATABASE 'remote.db' AS remote;
sqlite> SELECT custom_data_replicator('remote');
sqlite> DETACH DATABASE remote;

Pretty dang handy and available now on the master branch—stay tuned to the mailing list for details on new tags and release numbers. You can see the changes here along with updated unit tests.

Meanwhile, I've made some mods to SQLCipherManager to support this specific scenario. Setting the property useHMACPageProtection causes the new global PRAGMA to be called before a database is opened, rather than the older cipher_use_hmac. This allows you to attach 1.x or 2.x databases at will, by changing the setting when you need to, like so:

self.dbManager = [SQLCipherManager sharedManager];
[self.dbManager setUseHMACPageProtection:NO];
@try {
  [self.dbManager execute:
    [NSString stringWithFormat: @"ATTACH DATABASE '%@' AS remote;", [replicaURL path]];
  [self.dbManager beginTransaction];
  [self.dbManager execute:@"SELECT custom_data_replicator('remote');"];
  [self.dbManager commitTransaction];
  [self.dbManager execute:@"DETACH DATABASE remote;"];
}
@catch (NSException *exception) {
  // SQLCipher's execute: command now provides handy exceptions!
  // For traditional error handling, use execute:error: instead.
  NSLog(@"Command failed: %@", [exception reason]);
}
AuthorWilliam Gray | CommentPost a Comment |
Page 1 2 Next 5 Entries »