I am using PyCrypto to store some files in an SQLite database.
I am using 4 fields:
the title of the file,
the size of the file (in bytes),
the SHA512 hash of the file,
the encrypted file (with AES and then base64 to ASCII).
I want all of the fields to show some information about the file without decrypting it.
Now the question: is it secure to store the information like this?
For instance, the very first bytes of a ZIP file or an executable file will always be exactly the same, and if you know the hash and the size of the file... can you decrypt the file, maybe partly?
If it is not secure, how do I store some information about the file to index the files without decrypting them? (information like length, hash, title, tags, etc.)
(I personally use Python, but you can give examples in almost any language.) Thanks a lot!
Data encrypted with AES has the same length as the plain data (give or take some block padding), so giving the original length away does not harm security. SHA512 is a strong cryptographic hash designed to provide minimal information about the original content, so I don't see an issue here either.
Therefore, I believe your plan is very safe. Any information "uncovered" by it is minimal. Key management will most likely be a larger concern anyway.
To prevent any problems with regard to the first couple of bytes being exactly the same, you need to use AES in a block cipher mode with a random IV. This guarantees that even when the very first block (length depends on the key size) of two encrypted files is the same, the cipher text will be different.
If you do that, I see no problem with your approach.
You cannot just say "oh, it's AES-256, obviously it's secure." Just from your post I can tell that you are confusing attacks against stream ciphers and block ciphers, which means you most likely should NOT be applying this before you actually look into this subject.
That being said, you have to learn about block cipher modes of operation and the whole CWE-310 family. It can't hurt to get a copy of Practical Cryptography. At the end of all this there's still lots of room for you to completely mess this up.
Real solution: USE ANOTHER PERSON'S IMPLEMENTATION.
You will need to consider what attacks you need to safeguard against, and also the resources of the possible attackers.
Generally, storing some data encrypted is only helpful if it satisfies your exact needs. In particular, if there's a way an attacker could compromise the key at the same time as the data, then your encryption is effectively useless.