Question
It encrypts the SQLite database at page level, OK, that's fine, nothing wrong with that!
But what about your source code? It's compiled, but even if it's compiled someone could decompile it, retrieve your password and decrypt the database?
Answer 1:
How safe is SQLCipher?
According to the SQLCipher design documentation, it is based on secure components (AES, OpenSSL, HMAC_SHA1, PBKDF2, ...). If those claims are correct, it sounds good to me.
What is a bit unusual (to me, at least) is that there is a random IV per page. This is somewhat different to the typical file system encryption mode AES-XTS. The design used by SQLCipher has certain advantages over AES-XTS, for example writing the same data again will not result in the same encrypted page. However, possibly there are disadvantages, for example I'm not quite sure if with SQLCipher it is possible to move or copy pages (copy encrypted pages to another page). It might not be possible, however from the design document I don't see how this is prevented. Such is the risk if a non-standard encryption mode is used :-) But even if this is a problem, it wouldn't allow an attacker to read the data; it would only allow certain types of attacks. Even with AES-XTS certain types of attacks are possible, so I wouldn't be worried too much.
What about your source code?
To keep things safe, don't store the password in the code. Instead, let the user enter the password, or store it in a key-chain. This is possible for both Android and iOS as far as I see, but I don't know the details.
Source: https://stackoverflow.com/questions/18326846/sqlcipher-how-safe-is-sqlcipher-has-it-been-hacked
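
An added example illustrating the answer's advice (not part of the original post and not SQLCipher's own code): the Python below checks whether a passphrase literal survives compilation, then derives the database key at run time from what the user types. The function names, the constructed sample sources, the iteration count and the choice to hand SQLCipher a raw key are assumptions of this example.

```python
import getpass
import hashlib
import marshal
import os

KEY_LEN = 32         # 256-bit AES key
SALT_LEN = 16
ITERATIONS = 64000   # assumption for this example; tune for your devices

# Constructed sample sources standing in for two builds of an app.
SECRET = "constructed-demo-passphrase"
HARDCODED_SRC = f'DB_PASSWORD = "{SECRET}"\n'
RUNTIME_SRC = 'import getpass\nDB_PASSWORD = getpass.getpass("Passphrase: ")\n'


def secret_in_compiled(source: str, secret: str) -> bool:
    """Compile source and report whether the secret survives in the bytecode."""
    blob = marshal.dumps(compile(source, "app.py", "exec"))
    return secret.encode("utf-8") in blob


def derive_key(passphrase: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """PBKDF2-HMAC-SHA1 over a user-supplied passphrase; nothing secret is stored."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"), salt,
                               iterations, KEY_LEN)


def raw_key_pragma(key: bytes) -> str:
    """Format a 32-byte key as SQLCipher's raw-key blob literal (64 hex digits)."""
    if len(key) != KEY_LEN:
        raise ValueError("SQLCipher raw keys are exactly 32 bytes")
    return f"PRAGMA key = \"x'{key.hex()}'\";"


if __name__ == "__main__":
    print("hard-coded build contains secret:",
          secret_in_compiled(HARDCODED_SRC, SECRET))
    print("runtime-prompt build contains secret:",
          secret_in_compiled(RUNTIME_SRC, SECRET))
    salt = os.urandom(SALT_LEN)  # not secret; store it beside the database
    key = derive_key(getpass.getpass("Database passphrase: "), salt)
    print("derived a", len(key) * 8, "bit key; pragma length:",
          len(raw_key_pragma(key)))
```

The salt is not secret but must be kept, since the same passphrase and salt are needed to reproduce the key on the next open.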