Re: "WIP: Data at rest encryption" patch and, PostgreSQL 11-beta3
Robert Haas <robertmhaas@gmail.com>
From: Robert Haas <robertmhaas@gmail.com>
To: Antonin Houska <ah@cybertec.at>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, Toshi Harada <harada.toshi@po.ntt-tx.co.jp>, "pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>
Date: 2019-04-05T19:57:33Z
Lists: pgsql-hackers
On Fri, Apr 5, 2019 at 11:22 AM Antonin Houska <ah@cybertec.at> wrote: > > Wouldn't Tom's proposal to use a stream cipher fix all this? > > Yes it would make the extra alignment unnecessary, but our solution tries to > meet specific requirements of disk encryption. Stream cipher appears to be > incompatible with these requirements: > > https://en.wikipedia.org/wiki/Disk_encryption_theory Hmm. Well, I don't know what to do about that, but I think this patch is going to be facing an uphill battle if the encrypted and unencrypted WAL formats use different alignment. > Currently we try to use the CBC-ESSIV mode. It's worth to mention that in this > mode, if the page is encrypted twice and if the plain data in the encryption > block N (i.e. block of 16 bytes) changes before the 2nd encryption, the > encrypted data will only change in blocks >= N. So the problem of losing > already flushed WAL records should not happen. Well, this is just a question of alignment. If WAL records are at least 16-byte aligned, then it should be fine. But I have a feeling they may just be MAXALIGN'd. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company
Commits
-
Dramatically reduce System V shared memory consumption.
- b0fc0df9364d 9.3.0 cited