| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | "Moon, Insung" <Moon_Insung_i3(at)lab(dot)ntt(dot)co(dot)jp> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS) |
| Date: | 2018-06-20 20:58:02 |
| Message-ID: | 20180620205802.GA17551@momjian.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, May 25, 2018 at 08:41:46PM +0900, Moon, Insung wrote:
> BTW, I want to support CBC mode encryption[3]. However, I'm not sure how to use the IV in CBC mode for this proposal.
> I'd like to hear opinions by security engineer.
Well, CBC makes sense, and since AES uses a 16 byte block size, you
would start with the initialization vector (IV) and run over the 8k page
512 times. The IV can be any random value that is not repeated, and
does not need to be secret.
However, using the same IV for the entire table would mean that people
can detect if two pages in the same table contain the same data. You
might care about that, or you might not. It would prevent detection of
two _tables_ containing the same 8k page. A more secure solution would
be to use a different IV for each 8k page.
The cleanest idea would be for the per-table IV to be stored per table,
but the IV used for each block to be a mixture of the table's IV and the
page's offset in the table.
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ As you are, so once was I. As I am, so you will be. +
+ Ancient Roman grave inscription +
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2018-06-20 21:03:59 | Re: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS) |
| Previous Message | Robbie Harwood | 2018-06-20 20:34:10 | Re: libpq compression |