[EpiData-list] Encrypted fields in EpiData

epidata-list at lists.umanitoba.ca
Mon Jan 3 22:17:32 CST 2005


The use of the strong AES (Rijndael) cipher to encrypt fields in EpiData 
is laudable, but what is the logic of embedding the password encrypted 
with itself in the REC file header? Surely this makes a dictionary 
attack against the password much, much easier than it would be 
otherwise? What is gained by having the encrypted password in the 
header? Surely either the user knows the password, or they don't. Why 
leave clues in the header which can help someone else find the 
password? If the idea is to provide a backdoor in case the user forgets 
their password, then why use a strong algorithm like AES in the first place?

None of this worries me - I am just curious as to why the design 
decision was made.

Tim C
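
Added example, not part of the original post and not EpiData's code: a comparison of a fast, unsalted password-derived header value with a salted, iterated verifier, showing why the first makes offline guessing cheap. It assumes nothing about the real REC header layout; SHA-256 stands in for any fast value computed from the password alone, and all function names, the sample passphrase and the iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os

# Assumption: this does not reproduce EpiData's REC header or its AES usage.
# SHA-256 stands in for any fast, unsalted value derived only from the password.
PBKDF2_ITERATIONS = 600_000  # constructed work factor for this example


def fast_verifier(password: str) -> bytes:
    """Unsalted, single-pass verifier: same password gives same header bytes."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def make_slow_verifier(password: str, iterations: int = PBKDF2_ITERATIONS) -> dict:
    """Salted, iterated verifier that can be stored next to the data."""
    salt = os.urandom(16)
    tag = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt, "iterations": iterations, "tag": tag}


def check_slow_verifier(password: str, header: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    tag = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                              header["salt"], header["iterations"])
    return hmac.compare_digest(tag, header["tag"])


def compare_headers(password: str, iterations: int = PBKDF2_ITERATIONS) -> dict:
    """Store one password in two constructed 'files' under each scheme."""
    fast_a, fast_b = fast_verifier(password), fast_verifier(password)
    slow_a = make_slow_verifier(password, iterations)
    slow_b = make_slow_verifier(password, iterations)
    return {
        # Identical headers allow precomputed tables and reveal password reuse.
        "fast_headers_identical": fast_a == fast_b,
        "slow_headers_identical": slow_a["tag"] == slow_b["tag"],
        "iterations_per_guess_fast": 1,
        "iterations_per_guess_slow": slow_a["iterations"],
        "correct_password_accepted": check_slow_verifier(password, slow_a),
        "wrong_password_rejected": not check_slow_verifier(password + "x", slow_a),
    }


if __name__ == "__main__":
    for key, value in compare_headers("constructed-sample-passphrase").items():
        print(f"{key}: {value}")
```

A stored verifier always permits offline guessing; the salt and iteration count only raise the cost of each guess and prevent one precomputed table from covering every file.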


