Re: storing an explicit nonce
Stephen Frost <sfrost@snowman.net>
From: Stephen Frost <sfrost@snowman.net>
To: Robert Haas <robertmhaas@gmail.com>
Cc: Ashwin Agrawal <ashwinstar@gmail.com>, Bruce Momjian <bruce@momjian.us>, Ants Aasma <ants@cybertec.at>, Sasasu <i@sasa.su>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2021-10-07T20:02:37Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Rethink method for assigning OIDs to the template0 and postgres DBs.
- 2cb1272445d2 15.0 landed
-
pg_upgrade: Preserve database OIDs.
- aa01051418f1 15.0 landed
-
pg_upgrade: Preserve relfilenodes and tablespace OIDs.
- 9a974cbcba00 15.0 landed
-
Fix for new Boolean node
- cf925936ecc0 15.0 cited
-
Improve error handling of HMAC computations
- 5513dc6a304d 15.0 cited
-
Add macro RelationIsPermanent() to report relation permanence
- 95d77149c535 14.0 landed
-
Enhance nbtree index tuple deletion.
- d168b666823b 14.0 cited
Greetings, * Robert Haas (robertmhaas@gmail.com) wrote: > On Thu, Oct 7, 2021 at 3:31 PM Ashwin Agrawal <ashwinstar@gmail.com> wrote: > > Not at all knowledgeable on security topics (bravely using terms and recommendation), can we approach decisions like AES-XTS vs AES-GCM (which in turn decides whether we need to store nonce or not) based on which compliance it can achieve or not. Like can using AES-XTS make it FIPS 140-2 compliant or not? > > To the best of my knowledge, the encryption mode doesn't have much to > do with whether such compliance can be achieved. The encryption > algorithm could matter, but I assume everyone still thinks AES is > acceptable. (We should assume that will eventually change.) The > encryption mode is, at least as I understand, more of an internal > thing that you have to get right to avoid having people break your > encryption and write papers about how they did it. The issue regarding FIPS 140-2 specifically is actually about the encryption used (AES-XTS is approved) *and* about the actual library which is doing the encryption, which isn't really anything to do with us but rather is OpenSSL (or perhaps NSS if we can get that finished and included), or maybe some third party that implements one of those APIs that you decide to use (of which there's a few, some of which have FIPS 140-2 certification). So, can you have a FIPS 140-2 compliant system with AES-XTS? Yes, as it's approved: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/fips140-2/fips1402ig.pdf Will your system be FIPS 140-2 certified? That's a big "it depends" and will involve you actually taking your fully built system through a testing lab to get it certified. I certainly don't think we can make any promises that taking it through such a test would be successful the first time around, or even ever. First step though would be to get something implemented so that $someone can try and can provide feedback. Thanks, Stephen