Re: storing an explicit nonce

Ants Aasma <ants@cybertec.at>

From: Ants Aasma <ants@cybertec.at>
To: Bruce Momjian <bruce@momjian.us>
Cc: Stephen Frost <sfrost@snowman.net>, Antonin Houska <ah@cybertec.at>, Robert Haas <robertmhaas@gmail.com>, Sasasu <i@sasa.su>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2021-10-12T21:48:51Z
Lists: pgsql-hackers

Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. Rethink method for assigning OIDs to the template0 and postgres DBs.

  2. pg_upgrade: Preserve database OIDs.

  3. pg_upgrade: Preserve relfilenodes and tablespace OIDs.

  4. Fix for new Boolean node

  5. Improve error handling of HMAC computations

  6. Add macro RelationIsPermanent() to report relation permanence

  7. Enhance nbtree index tuple deletion.

On Wed, 13 Oct 2021 at 00:25, Bruce Momjian <bruce@momjian.us> wrote:

> On Tue, Oct 12, 2021 at 11:21:28PM +0300, Ants Aasma wrote:
> > On Tue, 12 Oct 2021 at 16:14, Bruce Momjian <bruce@momjian.us> wrote:
> >
> >     Well, how do you detect an all-zero page vs a page that encrypted to
> all
> >     zeros?
> >
> > Page encrypting to all zeros is for all practical purposes impossible to
> hit.
> > Basically an attacker would have to be able to arbitrarily set the whole
> > contents of the page and they would then achieve that this page gets
> ignored.
>
> Uh, how do we know that valid data can't produce an encrypted all-zero
> page?
>

Because the chances of that happening by accident are equivalent to making
a series of commits to postgres and ending up with the same git commit hash
400 times in a row.

--

Ants Aasma
Senior Database Engineerwww.cybertec-postgresql.com