Re: storing an explicit nonce
Bruce Momjian <bruce@momjian.us>
From: Bruce Momjian <bruce@momjian.us>
To: Stephen Frost <sfrost@snowman.net>
Cc: Antonin Houska <ah@cybertec.at>, Robert Haas <robertmhaas@gmail.com>, Ants Aasma <ants@cybertec.at>, Sasasu <i@sasa.su>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2021-10-11T19:15:22Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Rethink method for assigning OIDs to the template0 and postgres DBs.
- 2cb1272445d2 15.0 landed
-
pg_upgrade: Preserve database OIDs.
- aa01051418f1 15.0 landed
-
pg_upgrade: Preserve relfilenodes and tablespace OIDs.
- 9a974cbcba00 15.0 landed
-
Fix for new Boolean node
- cf925936ecc0 15.0 cited
-
Improve error handling of HMAC computations
- 5513dc6a304d 15.0 cited
-
Add macro RelationIsPermanent() to report relation permanence
- 95d77149c535 14.0 landed
-
Enhance nbtree index tuple deletion.
- d168b666823b 14.0 cited
On Mon, Oct 11, 2021 at 01:30:38PM -0400, Stephen Frost wrote: > Greetings, > > > Keep in mind that in our existing code (not my patch), the LSN is zero > > for unlogged relations, a fixed value for some GiST index pages, and > > unchanged for some hint bit changes. Therefore, while we can include > > the LSN in the IV because it _might_ help, we can't rely on it. > > Regarding unlogged LSNs at least, I would think that we'd want to > actually use GetFakeLSNForUnloggedRel() instead of just having it zero'd > out. The fixed value for GiST index pages is just during the index Good idea. For my patch I had to use a WAL-logged dummy LSN, but for our use, re-using a fake LSN after a crash seems fine, so we can just use the existing GetFakeLSNForUnloggedRel(). However, we might need to use the part of my patch that removes the assumption that unlogged relations always have zero LSNs, because right now they are only used for GiST indexes --- I would have to research that more. > Yes, that's the direction that I was thinking also and specifically with > XTS as the encryption algorithm to allow us to exclude the LSN but keep > everything else, and to address the concern around the nonce/tweak/etc > being the same sometimes across multiple writes. Another thing to > consider is if we want to encrypt zero'd page. There was a point > brought up that if we do then we are encrypting a fair bit of very > predictable bytes and that's not great (though there's a fair bit about > our pages that someone could quite possibly predict anyway based on > table structures and such...). I would think that if it's easy enough > to not encrypt zero'd pages that we should avoid doing so. Don't recall > offhand which way zero'd pages were being handled already but thought it > made sense to mention that as part of this discussion. Yeah, I wanted to mention that. I don't see any security difference between fully-zero pages, pages with headers and no tuples, and pages with headers and only a few tuples. If any of those are insecure, they all are. Therefore, I don't see any reason to treat them differently. -- Bruce Momjian <bruce@momjian.us> https://momjian.us EDB https://enterprisedb.com If only the physical world exists, free will is an illusion.