RE: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS)

Dear Tomas Vondra.

> -----Original Message-----
> From: Tomas Vondra [mailto:tomas(dot)vondra(at)2ndquadrant(dot)com]
> Sent: Wednesday, June 13, 2018 10:15 PM
> To: Moon, Insung; pgsql-hackers(at)postgresql(dot)org
> Subject: Re: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS)
>
> Hi,
>
> On 05/25/2018 01:41 PM, Moon, Insung wrote:
> > Hello Hackers,
> >
> > ...
> >
> > BTW, I want to support CBC mode encryption[3]. However, I'm not sure
> > how to use the IV in CBC mode for this proposal. I'd like to hear
> > opinions by security engineer.
> >
>
> I'm not a cryptographer either, but this is exactly where you need a prior discussion about the threat models - there
> are a couple of chaining modes, each with different weaknesses.
>

Thank you for your advice.
First, I'm researched to more security problem and found that CBC mode is an not safe encryption mode.
Later, when I'll create a PoC, using to GCM or XTS encryption mode.
And this time I know for using the same IV is dangerous, and I'm doing some more research on this.

Thank you and Best regards.
Moon.

> FWIW it may also matter if data_checksums are enabled, because that may prevent malleability attacks affecting of the
> modes. Assuming active attacker (with the ability to modify the data files) is part of the threat model, of course.
>
> regards
>
> --
> Tomas Vondra http://www.2ndQuadrant.com
> PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services