Re: [ADMIN] Secure DB Systems - How to

From: Bruno Wolff III <bruno(at)wolff(dot)to>
To: Greg Stark <gsstark(at)mit(dot)edu>
Cc: Daniel Struck <struck(dot)d(at)retrovirology(dot)lu>, Mitch Pirtle <mitchy(at)spacemonkeylabs(dot)com>, pgsql-php(at)postgresql(dot)org
Subject: Re: [ADMIN] Secure DB Systems - How to
Date: 2004-07-29 18:00:10
Message-ID: 20040729180010.GA23523@wolff.to
Lists: pgadmin-support pgsql-admin pgsql-hackers-win32 pgsql-php pgsql-sql

On Wed, Jul 28, 2004 at 16:16:10 -0400,
Greg Stark <gsstark(at)mit(dot)edu> wrote:
>
> Bruno Wolff III <bruno(at)wolff(dot)to> writes:
>
> > That depends on the kind of queries. Searching for exact matches should work
> > fine. Some other things can be done in special cases.
>
> If searching for exact matches works then you're using a naive encryption
> system. The problem is that it also means your database is vulnerable to
> dictionary attacks. Good encryption systems will include random padding to
> ensure that you can't attack it by merely guessing many possible plaintexts
> and verifying to see if any match.

IVs act to make the key appear longer. This is especially useful when humans
are picking passphrases that are used to generate the key. If you control
what the actual keys are, then you can make dictionary attacks impractical.
However, there still would be the problem that identical items in the
database would be identical. Which, depending on your application, might
be a problem because of information leakage.
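
The trade-off discussed in this message, as an added example that is not part of the original thread: a deterministic scheme keeps exact-match lookups working but shows which rows hold equal values, while a random IV per value hides equality and breaks ciphertext comparison. The cipher is a toy HMAC-SHA256 keystream used so the example needs only the standard library, not a vetted cipher; all function names and the sample column are constructed for illustration.

```python
import hashlib, hmac, secrets
from collections import Counter

def _prf(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _xor_stream(key, iv, data):
    # Keystream blocks are HMAC(key, "enc" || iv || counter): toy stand-in for a real cipher.
    stream = b""
    for ctr in range((len(data) + 31) // 32):
        stream += _prf(key, b"enc", iv + ctr.to_bytes(4, "big"))
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt_random_iv(key, plaintext):
    iv = secrets.token_bytes(16)            # fresh random IV for every stored value
    return iv + _xor_stream(key, iv, plaintext)

def encrypt_deterministic(key, plaintext):
    iv = _prf(key, b"iv", plaintext)[:16]   # IV derived from the plaintext: same input, same output
    return iv + _xor_stream(key, iv, plaintext)

def decrypt(key, blob):
    return _xor_stream(key, blob[:16], blob[16:])

def exact_match(column, probe):
    """Row indexes whose stored ciphertext equals the probe ciphertext."""
    return [i for i, ct in enumerate(column) if ct == probe]

def repeated_rows(column):
    """Rows whose ciphertext also appears in another row (visible without the key)."""
    counts = Counter(column)
    return sum(n for n in counts.values() if n > 1)

KEY = secrets.token_bytes(32)                          # random key, not derived from a passphrase
ROWS = [b"blue", b"green", b"blue", b"red", b"blue"]   # constructed sample column

DET_COLUMN = [encrypt_deterministic(KEY, v) for v in ROWS]
RND_COLUMN = [encrypt_random_iv(KEY, v) for v in ROWS]

if __name__ == "__main__":
    probe_det = encrypt_deterministic(KEY, b"blue")
    probe_rnd = encrypt_random_iv(KEY, b"blue")
    print("deterministic: match", exact_match(DET_COLUMN, probe_det),
          "repeated rows", repeated_rows(DET_COLUMN))
    print("random IV:     match", exact_match(RND_COLUMN, probe_rnd),
          "repeated rows", repeated_rows(RND_COLUMN))
```

With the random key, a guessed plaintext cannot be checked against the deterministic column without the key, yet the repeated-row count is still readable by anyone who can see the ciphertexts.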
