1) Never reuse keys; use a new key for each file. This is true whether you use a stream or block cipher. Never use a block cipher in ECB mode for encrypting files. etc. etc.
2) There are numerous schemes that support random file access while encrypting. With block ciphers in CBC mode it is common practice to begin every n-size block with a new IV. You'll have to deal with the size-changing aspects here, since block ciphers require IVs and padding.
3) Length-increasing random functions such as SEAL 3.0 (under an IBM patent) have the advantage of absolute speed (they are the fastest software encryption algorithms) and the ability to move independently to any block of k bits in the keystream. This supports random file access quite well. Despite some of the comments you've read here, secure encryption with random access is feasible. Alternately, you could use RC4 and you'll need to manually wind the keystream to the place in the file you're seeking to.
4) Do a Google search on Cryptfs and fistgen.
5) File encryption is problematic -- programs can only operate on plaintext versions, anyway, which means writing plaintext bits to disk. Ack. Ppppt.
6) Most file reads are sequential -- most file writes are appends.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
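
The random-access point in item 3, as an added example that is not part of the original post: a keystream whose blocks are computed independently from a per-file key, next to RC4, which has to be wound to the seek position. The HMAC-SHA256 counter construction stands in for SEAL and is an assumption of this example, as are the function names and the sample data; it adds no integrity protection and assumes each offset is encrypted only once under a given key.

```python
import hashlib
import hmac

BLOCK = 32  # keystream bytes per PRF call (SHA-256 digest size)

def keystream(file_key: bytes, offset: int, length: int) -> bytes:
    """Keystream bytes [offset, offset+length), computed without winding."""
    if length <= 0:
        return b""
    first, last = offset // BLOCK, (offset + length - 1) // BLOCK
    out = bytearray()
    for index in range(first, last + 1):
        # Block `index` depends only on the key and its own index, so any
        # block can be produced independently of the ones before it.
        out += hmac.new(file_key, index.to_bytes(8, "big"), hashlib.sha256).digest()
    skip = offset - first * BLOCK
    return bytes(out[skip:skip + length])

def xor_at(file_key: bytes, data: bytes, offset: int) -> bytes:
    """Encrypt or decrypt `data` that lives at byte `offset` of the file."""
    return bytes(a ^ b for a, b in zip(data, keystream(file_key, offset, len(data))))

def read_range(file_key: bytes, ciphertext: bytes, offset: int, length: int) -> bytes:
    """Random-access read: touches only the requested ciphertext bytes."""
    return xor_at(file_key, ciphertext[offset:offset + length], offset)

def rc4_keystream_at(key: bytes, offset: int, length: int) -> bytes:
    """RC4, for comparison only: seeking means generating and discarding
    `offset` keystream bytes, so cost grows with the seek position."""
    s = list(range(256))
    j = 0
    for i in range(256):  # key schedule
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for n in range(offset + length):  # winds through every earlier byte
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        if n >= offset:
            out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

if __name__ == "__main__":
    key = bytes(range(32))  # constructed; use a fresh random key per file
    plain = b"".join(b"record %04d\n" % n for n in range(100))  # constructed
    cipher = xor_at(key, plain, 0)
    print(read_range(key, cipher, 600, 12))
```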