You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
because the selfspy database can become quite large, it may trigger one of Blowfish's vulnerabilities, that is birthday attacks with large datasets. The GnuPG FAQ indeed recommends to avoid using blowfish for files larger than 4GiB.
There's a database extension called sqlcipher that does exactly what we need: it uses AES-128 with a proper KDF (key derivation function or more precisely PBKDF2). There are also Python bindings for the database.
even if you do not use sqlcipher, you should phase out using blowfish and switch to a more modern encryption algorithm like AES. likewise, the key derivation function (which is currently MD5) should be switched to Argon, scrypt or PBKDF2 - but why roll your own when something's already there to do the right thing for you? :)
The text was updated successfully, but these errors were encountered:
because the selfspy database can become quite large, it may trigger one of Blowfish's vulnerabilities, that is birthday attacks with large datasets. The GnuPG FAQ indeed recommends to avoid using blowfish for files larger than 4GiB.
There's a database extension called sqlcipher that does exactly what we need: it uses AES-128 with a proper KDF (key derivation function or more precisely PBKDF2). There are also Python bindings for the database.
even if you do not use sqlcipher, you should phase out using blowfish and switch to a more modern encryption algorithm like AES. likewise, the key derivation function (which is currently MD5) should be switched to Argon, scrypt or PBKDF2 - but why roll your own when something's already there to do the right thing for you? :)
The text was updated successfully, but these errors were encountered: