Re: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS)
Bruce Momjian <bruce@momjian.us>
From: Bruce Momjian <bruce@momjian.us>
To: Joe Conway <mail@joeconway.com>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, Robert Haas <robertmhaas@gmail.com>, Masahiko Sawada <sawada.mshk@gmail.com>, "Moon, Insung" <Moon_Insung_i3@lab.ntt.co.jp>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2018-06-21T15:55:11Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Revamp the WAL record format.
- 2c03216d8311 9.5.0 cited
On Wed, Jun 20, 2018 at 06:19:40PM -0400, Joe Conway wrote: > On 06/20/2018 05:12 PM, Bruce Momjian wrote: > > On Mon, Jun 18, 2018 at 11:06:20AM -0400, Joe Conway wrote: > >>> At the same time, having to have a bunch of independently-decipherable > >>> short field values is not real secure either, especially if they're known > >>> to all be encrypted with the same key. But what you know or can guess > >>> about the plaintext in such cases would be target-specific, rather than > >>> an attack that could be built once and used against any PG database. > >> > >> Again is dependent on the specific solution for encryption. In some > >> cases you might do something like generate a single use random key, > >> encrypt the payload with that, encrypt the single use key with the > >> "global" key, append the two results and store. > > > > Even if they are encrypted with the same key, they use different > > initialization vectors that are stored inside the encrypted payload, so > > you really can't identify much except the length, as Robert stated. > > The more you encrypt with a single key, the more fuel you give to the > person trying to solve for the key with cryptanalysis. > > By encrypting only essentially random data (the single use keys, > generated with cryptographically strong random number generator) with > the "master key", and then encrypting the actual payloads (which are > presumably more predictable than the strong random single use keys), you > minimize the probability of someone cracking your master key and you > also minimize the damage caused by someone cracking one of the single > use keys. Yeah, I have a slide about that too, and the previous and next slide: http://momjian.us/main/writings/crypto_hw_use.pdf#page=90 The more different keys you use the encrypt data, the more places you have to store it. -- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + As you are, so once was I. As I am, so you will be. + + Ancient Roman grave inscription +