Re: storing an explicit nonce
Bruce Momjian <bruce@momjian.us>
From: Bruce Momjian <bruce@momjian.us>
To: Stephen Frost <sfrost@snowman.net>
Cc: Antonin Houska <ah@cybertec.at>, Robert Haas <robertmhaas@gmail.com>, Ants Aasma <ants@cybertec.at>, Sasasu <i@sasa.su>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2021-10-11T17:07:38Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Rethink method for assigning OIDs to the template0 and postgres DBs.
- 2cb1272445d2 15.0 landed
-
pg_upgrade: Preserve database OIDs.
- aa01051418f1 15.0 landed
-
pg_upgrade: Preserve relfilenodes and tablespace OIDs.
- 9a974cbcba00 15.0 landed
-
Fix for new Boolean node
- cf925936ecc0 15.0 cited
-
Improve error handling of HMAC computations
- 5513dc6a304d 15.0 cited
-
Add macro RelationIsPermanent() to report relation permanence
- 95d77149c535 14.0 landed
-
Enhance nbtree index tuple deletion.
- d168b666823b 14.0 cited
On Fri, Oct 8, 2021 at 02:34:20PM -0400, Stephen Frost wrote: > What I think is missing from this discussion is the fact that, with XTS > (and XEX, on which XTS is built), the IV *is* run through a forward > cipher function, just as suggested above needs to be done for CBC. I > don't see any reason to doubt that OpenSSL is correctly doing that. > > This article shows this pretty clearly: > > https://en.wikipedia.org/wiki/Disk_encryption_theory > > I don't think that changes the fact that, if we're able to, we should be > varying the tweak/IV as often as we can, and including the LSN seems > like a good way to do just that. Keep in mind that in our existiing code (not my patch), the LSN is zero for unlogged relations, a fixed value for some GiST index pages, and unchanged for some hint bit changes. Therefore, while we can include the LSN in the IV because it _might_ help, we can't rely on it. We probably need to have a discussion about whether LSN and checksum should be encrypted on the page. I think we are currently leaning to no encryption for LSN because we can use it as part of the nonce (where is it is variable) and encrypting the checksum for rudimenary integrity checking. -- Bruce Momjian <bruce@momjian.us> https://momjian.us EDB https://enterprisedb.com If only the physical world exists, free will is an illusion.