Re: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS)
Bruce Momjian <bruce@momjian.us>
From: Bruce Momjian <bruce@momjian.us>
To: Joe Conway <mail@joeconway.com>
Cc: Ryan Lambert <ryan@rustprooflabs.com>, Tomas Vondra <tomas.vondra@2ndquadrant.com>, Stephen Frost <sfrost@snowman.net>, Masahiko Sawada <sawada.mshk@gmail.com>, Robert Haas <robertmhaas@gmail.com>, Antonin Houska <ah@cybertec.at>, Haribabu Kommi <kommi.haribabu@gmail.com>, "Moon, Insung" <Moon_Insung_i3@lab.ntt.co.jp>, Ibrar Ahmed <ibrar.ahmad@gmail.com>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2019-07-09T15:11:32Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Revamp the WAL record format.
- 2c03216d8311 9.5.0 cited
On Tue, Jul 9, 2019 at 09:16:17AM -0400, Joe Conway wrote: > On 7/9/19 8:39 AM, Ryan Lambert wrote: > > Hi Thomas, > > > >> CBC mode does require > >> random nonces, other modes may be fine with even sequences as long as > >> the values are not reused. > > > > I disagree that CBC mode requires random nonces, at least based on what > > NIST has published. They only require that the IV (not the nonce) must > > be unpredictable per [1]: > > > > " For the CBC and CFB modes, the IVs must be unpredictable." > > > > The unpredictable IV can be generated from a non-random nonce including > > a counter: > > > > "There are two recommended methods for generating unpredictable IVs. The > > first method is to apply the forward cipher function, under the same key > > that is used for the encryption of the plaintext, to a nonce. The nonce > > must be a data block that is unique to each execution of the encryption > > operation. For example, the nonce may be a counter, as described in > > Appendix B, or a message number." > > > > [1] https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf > > > The terms nonce and IV are often used more-or-less interchangeably, and > it is important to be clear when we are talking about an IV specifically > - an IV is a specific type of nonce. Nonce means "number used once". > i.e. unique, whereas an IV (for CBC use anyway) should be unique and > random but not necessarily kept secret. The NIST requirements that > Stephen referenced elsewhere on this thread are as I understand it > intended to ensure the random but unique property with high probability. Good point about nonce and IV. I wonder if running the nonce through the cipher with the key makes it random enough to use as an IV. -- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + As you are, so once was I. As I am, so you will be. + + Ancient Roman grave inscription +