Re: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS)

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>
Cc: Stephen Frost <sfrost(at)snowman(dot)net>, Joe Conway <mail(at)joeconway(dot)com>, Masahiko Sawada <sawada(dot)mshk(at)gmail(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, Tomas Vondra <tomas(dot)vondra(at)2ndquadrant(dot)com>, Antonin Houska <ah(at)cybertec(dot)at>, Haribabu Kommi <kommi(dot)haribabu(at)gmail(dot)com>, "Moon, Insung" <Moon_Insung_i3(at)lab(dot)ntt(dot)co(dot)jp>, Ibrar Ahmed <ibrar(dot)ahmad(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS)
Date: 2019-07-05 22:29:04
Message-ID: 20190705222904.saaxno3ydqq5ssbo@momjian.us
Lists: pgsql-hackers

On Fri, Jul 5, 2019 at 05:00:42PM -0400, Bruce Momjian wrote:
> On Fri, Jul 5, 2019 at 04:24:54PM -0400, Alvaro Herrera wrote:
> > On 2019-Jul-05, Bruce Momjian wrote:
> >
> > > Uh, well, you have the WAL record, and you want to write it to an 8k
> > > page. You have to read the 8k page from disk into shared buffers, and
> > > you have to decrypt the 8k page to do that, right? We aren't going to
> > > store 8k pages encrypted in shared buffers, right?
> >
> > Oh, is that the idea? I was kinda assuming that the data was kept
> > as-stored in shared buffers, ie. it would be decrypted on access, not on
> > read from disk. The system seems very prone to leakage if you have it
> > decrypted in shared memory.
>
> Well, the overhead of decrypting on every access will make the slowdown
> huge, and I don't know what security value that would have. I am not
> sure what security value TDE itself has, but I think encrypting shared
> buffer contents has even less.

Sorry I didn't answer your question directly. Since the shared buffers
are in memory, if the decryption key is also unlocked in memory, there
isn't much value to encrypting shared buffers, and the overhead would be
huge.

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ As you are, so once was I. As I am, so you will be. +
+ Ancient Roman grave inscription +
