It is enough secure enabling WireCrypt when connecting over internet

I have a .NET application connecting over the internet to a Firebird 3 installed on a VPS. It is enough secure enabling WireCrypt?Should I use something else like OpenVpn to secure the connection? thanks


Solution 1:

You correctly ask if WireCrypt provides "sufficient security".
That implies that you're aware that security is usually a trade-off.
No security is easy, some security is usually better, but better security usually requires more effort and the best security is usually a PITA to set up and keep secure; and only you can determine what effort is worthwhile based on the value of your data, your business process and possible threats in your risk analyses.

In this case specific concerns are :

  • The only default cipher option for WireCrypt in Firebird SQL is ARC4

  • The source of all truth, WikiPedia describes the ARC4 cipher as follows: "While it is remarkable for its simplicity and speed in software, multiple vulnerabilities have been discovered in RC4, rendering it insecure".