Re: storing an explicit nonce
Bruce Momjian <bruce@momjian.us>
From: Bruce Momjian <bruce@momjian.us>
To: Robert Haas <robertmhaas@gmail.com>
Cc: Ants Aasma <ants@cybertec.at>, Sasasu <i@sasa.su>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2021-10-06T16:54:49Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Rethink method for assigning OIDs to the template0 and postgres DBs.
- 2cb1272445d2 15.0 landed
-
pg_upgrade: Preserve database OIDs.
- aa01051418f1 15.0 landed
-
pg_upgrade: Preserve relfilenodes and tablespace OIDs.
- 9a974cbcba00 15.0 landed
-
Fix for new Boolean node
- cf925936ecc0 15.0 cited
-
Improve error handling of HMAC computations
- 5513dc6a304d 15.0 cited
-
Add macro RelationIsPermanent() to report relation permanence
- 95d77149c535 14.0 landed
-
Enhance nbtree index tuple deletion.
- d168b666823b 14.0 cited
On Wed, Oct 6, 2021 at 11:01:25AM -0400, Robert Haas wrote: > On Tue, Oct 5, 2021 at 4:29 PM Bruce Momjian <bruce@momjian.us> wrote: > > On Tue, Sep 28, 2021 at 12:30:02PM +0300, Ants Aasma wrote: > > > On Mon, 27 Sept 2021 at 23:34, Bruce Momjian <bruce@momjian.us> wrote: > > > We are still working on our TDE patch. Right now the focus is on refactoring > > > temporary file access to make the TDE patch itself smaller. Reconsidering > > > encryption mode choices given concerns expressed is next. Currently a viable > > > option seems to be AES-XTS with LSN added into the IV. XTS doesn't have an > > > issue with predictable IV and isn't totally broken in case of IV reuse. > > > > Uh, yes, AES-XTS has benefits, but since it is a block cipher, previous > > 16-byte blocks affect later blocks, meaning that hint bit changes would > > also affect later blocks. I think this means we would need to write WAL > > full page images for hint bit changes to avoid torn pages. Right now > > hint bit (single bit) changes can be lost without causing torn pages. > > This was another of the advantages of using a stream cipher like CTR. > > This seems wrong to me. CTR requires that you not reuse the IV. If you > re-encrypt the page with a different IV, torn pages are a problem. If > you re-encrypt it with the same IV, then it's not secure any more. We were not changing the IV for hint bit changes, meaning the hint bit changes were visible if you compared the blocks. -- Bruce Momjian <bruce@momjian.us> https://momjian.us EDB https://enterprisedb.com If only the physical world exists, free will is an illusion.