-
-
Notifications
You must be signed in to change notification settings - Fork 79
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for hexadecimal passwords of System.Data.SQLite/RC4 #70
Comments
Typically, a hash algorithm is used to derive the actual encryption key. For the cipher schemes sqleet (ChaCha20) and SQLCipher there exist methods to use a special key syntax to circumvent the key derivation. Those methods are supported by SQLite3MultipleCiphers as well to be compatible with the original implementations of the ciphers.
Currently, SQLite3MultipleCiphers allows to specify hex passwords via URI parameter I will add pragma support for hex passwords with the next release of SQLite3MultipleCiphers. |
Thank you. I thought I missed something. In paticular, all the URI parameters went under radar for me :) |
Release 1.3.10 now includes this enhancement. |
Thank you, much appreciated! (and separate thank you for fix with 40 bytes) |
System.Data.SQLite supported hexadecimal passwords, like this:
data source=mydb.sqlite;hexpassword=6d696c6b
. In case I'm playing in sandbox, and those four bytes are 'milk' in ASCII encoidng, I can also access such database withdata source=mydb.sqlite;password=milk
, and respectively later with SQLite3MultipleCiphersPRAGMA cipher = rc4
andPRAGMA key = 'milk'
.It's reasonable to assume that under the hood there is just binary key used by the algorithm whatsoever, so it's just a matter of finding a way to pass it down.
Problem is that when it comes to real world databases encrypted with random sets of 32 bytes, just straight decoding them into ASCII (or in local code page, or something similar), chances of getting string valid from the point of view of SQLite are pretty slim. Furthermore, SQLite doesn't let any operators left of pragma's equal, so
CAST
s,CHAR
s and||
s are out of option, and there are no variables in SQLite that I know of. So I was not able to access such databases using SQLite3MultipleCiphers. Still I tried passing the key using both special ways (SQLCipher and sqleet) too, but obviously it didn't work.It would be really handy if it was possible to pass hex passwords in similar way for RC4.
The text was updated successfully, but these errors were encountered: