| From: | tomas(at)tuxteam(dot)de |
|---|---|
| To: | Sam Halliday <sam(dot)halliday(at)gmail(dot)com> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: RFE: Transparent encryption on all fields |
| Date: | 2009-04-28 04:49:38 |
| Message-ID: | 20090428044938.GA16936@tomas |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Mon, Apr 27, 2009 at 01:28:45AM -0700, Sam Halliday wrote:
>
>
> Tomas Zerolo wrote:
> >
> >> If there were a way to prompt the user for the password to an encrypted
> >> drive on startup for all OS, with an equivalent for headless machines...
[...]
> There is a difference between "it's possible" and "there is". I know of no
> such standard support of either of the standard OSes.
Sorry. Denial doesn't help. It's not only "possible", it's being done
all the time. Cf. <http://www.saout.de/tikiwiki/tiki-index.php?page=LUKS>,
for example. But you are attacking a strawman anyway.
Client-side decryption matches much better what you had in mind -- and
I think it's provably no less secure (and more convenient).
The only hypothetical advantage of server-side encryption (there might
be an opportunity of indexing) seems to be so mired in technical
difficulties (if you want to avoid information leaks anyway) that I
can't even imagine whether it's a real advantage.
Regards
- -- tomás
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFJ9oriBcgs9XrR2kYRAj/CAJ9c1UERONoqYtjEj0N/aSp5IELFAgCffeTR
nomoWcaFoE9fiYPD0EOr9To=
=KevK
-----END PGP SIGNATURE-----
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Heikki Linnakangas | 2009-04-28 05:30:08 | Re: Clean shutdown and warm standby |
| Previous Message | Pavel Stehule | 2009-04-28 03:47:25 | Re: idea: global temp tables |