The newest update of my Cloud Server app brings advanced security 🔑 improvements. Its key feature, available to my beloved unlimited users, is password protection for full database encryption.
Last autumn I added the option to use AES256 encryption upon storing database data on disk. All newly created databases will enable this option by default and previously created databases will have an option to upgrade and encrypt the data.
How does it work then? 🔐
The password you choose is combined with a carefully chosen, cryptographically random pepper. This combination is then passed through an industry-standard key derivation function – PBKDF2 with over 200k passes and a secure salt – to provide adequate security against modern brute-force and dictionary attacks. The key obtained in this way is then used to encrypt the master key for this particular database with the AES256 encryption algorithm, and the encrypted master key is stored alongside the database on disk. I believe such an approach will guarantee the best security available for storing and accessing data conveniently and in a secure way, as long as you choose a reasonably strong password. 😉
But what if you don’t want to set a custom password? 🔑
In this case, I can assure you that your data will still benefit from these security improvements. All databases utilising full database encryption without a set password will still use the same mechanism: a random pepper is combined with a value derived from your database to derive a key, which is then used to encrypt the master key for this database, just as when password protection is enabled.
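The scheme described in both sections above, sketched with Node.js's built-in `crypto` module. This is an added example, not the app's own code: the HMAC-SHA256 pepper combiner, PBKDF2-HMAC-SHA256, the AES-256-GCM mode, the iteration count of 210000 and all function names are assumptions, since the post does not specify them. For a database without a password, the database-derived value would take the place of `password`.

```javascript
// Added illustration, not the app's actual code. Assumed details: HMAC-SHA256
// to combine password and pepper, PBKDF2-HMAC-SHA256, AES-256-GCM for wrapping.
const crypto = require('crypto');

const ITERATIONS = 210000; // constructed value satisfying "over 200k passes"

// Derive the 256-bit key-encryption key (KEK) from password + pepper + salt.
function deriveKek(password, pepper, salt) {
  // Keyed combination: without the pepper, the password alone yields no KEK.
  const peppered = crypto.createHmac('sha256', pepper).update(password, 'utf8').digest();
  return crypto.pbkdf2Sync(peppered, salt, ITERATIONS, 32, 'sha256');
}

// Encrypt (wrap) the database master key under the KEK.
// The returned blob is what would be stored alongside the database.
function wrapMasterKey(masterKey, password, pepper) {
  const salt = crypto.randomBytes(16); // fresh salt per wrap
  const iv = crypto.randomBytes(12);   // fresh GCM nonce per wrap
  const kek = deriveKek(password, pepper, salt);
  const cipher = crypto.createCipheriv('aes-256-gcm', kek, iv);
  const wrapped = Buffer.concat([cipher.update(masterKey), cipher.final()]);
  return { salt, iv, wrapped, tag: cipher.getAuthTag() };
}

// Returns the master key, or null when the password or pepper is wrong
// or the stored blob was modified (GCM tag verification fails).
function unwrapMasterKey(blob, password, pepper) {
  const kek = deriveKek(password, pepper, blob.salt);
  const decipher = crypto.createDecipheriv('aes-256-gcm', kek, blob.iv);
  decipher.setAuthTag(blob.tag);
  try {
    return Buffer.concat([decipher.update(blob.wrapped), decipher.final()]);
  } catch (err) {
    return null;
  }
}
```

Because only the small wrapped blob depends on the password, the bulk data stays encrypted under the same master key regardless of which secret protects it.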