Forgive me if this has been asked already. I poked around a bit and didn’t see anything addressing this. I am curious as to why CBC is the default (and now only) cypher mode? Especially when there are other modes that are just as good if not better.
Hello @fedorareis - thanks for your interest in SQLCipher. For much of SQLCipher’s history OpenSSL 0.9.x was widely distributed and used on target platforms where SQLCipher would be dynamically linked. CBC was one of the only reliably available modes that provided a reasonable level of security. Authentication (i.e. EtM HMAC) is already handled separately in SQLCipher, so using an authenticated mode is not strictly required. Furthermore, given the way SQLCipher is typically used (e.g. small pages / database chunks which are separately accessed on demand), parallel operation isn’t a strict requirement either. As a result, CBC provides a good mix of security and compatibility/interoperability. This of course may change in the future, though we try not to make changes to default settings outside of major version number changes with compelling justification.
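
The design described in the reply above (CBC for confidentiality, a separate encrypt-then-MAC HMAC, pages handled independently), sketched as an added example that is not part of the original thread or SQLCipher's code. The layout (IV, ciphertext, tag), the page number being covered by the MAC, the HMAC-SHA256 choice and all function names are assumptions of this sketch.

```javascript
// Added illustration: per-page AES-256-CBC with encrypt-then-MAC (EtM).
// Layout (iv || ciphertext || tag) and all names are assumptions for this
// sketch, not SQLCipher's on-disk format.
const crypto = require('node:crypto');

const PAGE_SIZE = 4096; // constructed page size, a multiple of the AES block
const IV_LEN = 16;
const TAG_LEN = 32;     // HMAC-SHA256 output length

// Separate keys for encryption and authentication.
function makeKeys() {
  return { encKey: crypto.randomBytes(32), macKey: crypto.randomBytes(32) };
}

// The MAC covers the page number, IV and ciphertext, so a page cannot be
// modified or moved to another position without detection.
function pageTag(macKey, pageNo, iv, ciphertext) {
  const pgno = Buffer.alloc(4);
  pgno.writeUInt32BE(pageNo);
  return crypto.createHmac('sha256', macKey)
    .update(pgno).update(iv).update(ciphertext).digest();
}

function sealPage(keys, pageNo, plaintext) {
  if (plaintext.length !== PAGE_SIZE) throw new Error('bad page size');
  const iv = crypto.randomBytes(IV_LEN);  // fresh IV on every page write
  const cipher = crypto.createCipheriv('aes-256-cbc', keys.encKey, iv);
  cipher.setAutoPadding(false);           // page is already block-aligned
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([iv, ct, pageTag(keys.macKey, pageNo, iv, ct)]);
}

// Verify the tag first; CBC decryption only runs on authentic ciphertext.
function openPage(keys, pageNo, sealed) {
  if (sealed.length !== IV_LEN + PAGE_SIZE + TAG_LEN) throw new Error('bad sealed size');
  const iv = sealed.subarray(0, IV_LEN);
  const ct = sealed.subarray(IV_LEN, IV_LEN + PAGE_SIZE);
  const tag = sealed.subarray(IV_LEN + PAGE_SIZE);
  if (!crypto.timingSafeEqual(tag, pageTag(keys.macKey, pageNo, iv, ct))) {
    throw new Error('page authentication failed');
  }
  const decipher = crypto.createDecipheriv('aes-256-cbc', keys.encKey, iv);
  decipher.setAutoPadding(false);
  return Buffer.concat([decipher.update(ct), decipher.final()]);
}
```

Each page is sealed and opened on its own, which is why a parallelizable mode buys little here, and the tag check in front of decryption is what unauthenticated CBC lacks by itself.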