Re: "WIP: Data at rest encryption" patch and, PostgreSQL 11-beta3
Robert Haas <robertmhaas@gmail.com>
From: Robert Haas <robertmhaas@gmail.com>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Antonin Houska <ah@cybertec.at>,
Toshi Harada <harada.toshi@po.ntt-tx.co.jp>, "pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>
Date: 2019-03-15T21:48:24Z
Lists: pgsql-hackers
On Fri, Mar 15, 2019 at 5:10 PM Tom Lane <tgl@sss.pgh.pa.us> wrote: > ISTM that this is only a problem if you choose the wrong encryption > method. One not-wrong encryption method is to use a stream cipher > --- maybe that's not the exact right technical term, but anyway > I'm talking about a method which notionally XOR's the cleartext > data with a random bit stream generated from the encryption key > (probably along with other knowable inputs such as the block number). > In such a method, corruption of individual on-disk bytes doesn't > prevent you from getting the correct decryption of on-disk bytes > that aren't corrupted. Oh, that seems like it might be a really good idea. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company
Commits
-
Dramatically reduce System V shared memory consumption.
- b0fc0df9364d 9.3.0 cited