Re: storing an explicit nonce
Andres Freund <andres@anarazel.de>
From: Andres Freund <andres@anarazel.de>
To: Bruce Momjian <bruce@momjian.us>
Cc: Stephen Frost <sfrost@snowman.net>, Robert Haas <robertmhaas@gmail.com>, Alvaro Herrera <alvherre@alvh.no-ip.org>, Masahiko Sawada <sawada.mshk@gmail.com>, Tom Kincaid <tomjohnkincaid@gmail.com>, Amit Kapila <amit.kapila16@gmail.com>, Thomas Munro <thomas.munro@gmail.com>, PostgreSQL-development <pgsql-hackers@postgresql.org>, Masahiko Sawada <masahiko.sawada@2ndquadrant.com>
Date: 2021-05-27T00:11:24Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Rethink method for assigning OIDs to the template0 and postgres DBs.
- 2cb1272445d2 15.0 landed
-
pg_upgrade: Preserve database OIDs.
- aa01051418f1 15.0 landed
-
pg_upgrade: Preserve relfilenodes and tablespace OIDs.
- 9a974cbcba00 15.0 landed
-
Fix for new Boolean node
- cf925936ecc0 15.0 cited
-
Improve error handling of HMAC computations
- 5513dc6a304d 15.0 cited
-
Add macro RelationIsPermanent() to report relation permanence
- 95d77149c535 14.0 landed
-
Enhance nbtree index tuple deletion.
- d168b666823b 14.0 cited
Hi, On 2021-05-25 17:12:05 -0400, Bruce Momjian wrote: > If we used a block cipher instead of a streaming one (CTR), this might > not work because the earlier blocks can be based in the output of > later blocks. What made us choose CTR for WAL & data file encryption? I checked the README in the patchset and the wiki page, and neither seem to discuss that. The dangers around nonce reuse, the space overhead of storing the nonce, the fact that single bit changes in the encrypted data don't propagate seem not great? Why aren't we using something like XTS? It has obvious issues as wel, but CTR's weaknesses seem at least as great. And if we want a MAC, then we don't want CTR either. Greetings, Andres Freund