Re: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS)
Nico Williams <nico@cryptonector.com>
From: Nico Williams <nico@cryptonector.com>
To: Joe Conway <mail@joeconway.com>
Cc: Bruce Momjian <bruce@momjian.us>, Tom Lane <tgl@sss.pgh.pa.us>, Robert Haas <robertmhaas@gmail.com>, Masahiko Sawada <sawada.mshk@gmail.com>, "Moon, Insung" <Moon_Insung_i3@lab.ntt.co.jp>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2018-06-20T22:28:43Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Revamp the WAL record format.
- 2c03216d8311 9.5.0 cited
On Wed, Jun 20, 2018 at 06:19:40PM -0400, Joe Conway wrote: > On 06/20/2018 05:12 PM, Bruce Momjian wrote: > > On Mon, Jun 18, 2018 at 11:06:20AM -0400, Joe Conway wrote: > > Even if they are encrypted with the same key, they use different > > initialization vectors that are stored inside the encrypted payload, so > > you really can't identify much except the length, as Robert stated. Definitely use different IVs, and don't reuse them (or use cipher modes where IV reuse is not fatal). > The more you encrypt with a single key, the more fuel you give to the > person trying to solve for the key with cryptanalysis. With modern 128-bit block ciphers in modern cipher modes you'd have to encrypt enough data to make this not a problem. On the other hand, you'll still have other reasons to do key rotation. Key rotation ultimately means re-encrypting everything. Getting all of this right is very difficult. So again, what's the threat model? Because if it's sysadmins/DBAs you're afraid of, there are better things to do. Nico --