Re: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS)

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: Tomas Vondra <tomas(dot)vondra(at)2ndquadrant(dot)com>
Cc: Joe Conway <mail(at)joeconway(dot)com>, Antonin Houska <ah(at)cybertec(dot)at>, Stephen Frost <sfrost(at)snowman(dot)net>, Masahiko Sawada <sawada(dot)mshk(at)gmail(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, Haribabu Kommi <kommi(dot)haribabu(at)gmail(dot)com>, "Moon, Insung" <Moon_Insung_i3(at)lab(dot)ntt(dot)co(dot)jp>, Ibrar Ahmed <ibrar(dot)ahmad(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS)
Date: 2019-07-16 00:25:19
Message-ID: 20190716002519.yyvgl7qi4ewl6pc2@momjian.us
Lists: pgsql-hackers

On Tue, Jul 16, 2019 at 02:04:58AM +0200, Tomas Vondra wrote:
> On Mon, Jul 15, 2019 at 06:05:37PM -0400, Bruce Momjian wrote:
> > On Mon, Jul 15, 2019 at 10:44:34PM +0200, Tomas Vondra wrote:
> > > On Mon, Jul 15, 2019 at 03:55:38PM -0400, Bruce Momjian wrote:
> > > > The crazy seems more sane now --- "encrypt the page with CRC contents as
> > > > zero" (which we probably already do to compute the CRC), then compute
> > > > the CRC, and modify the page CRC.
> > > >
> > >
> > > Huh? So you want to
> > >
> > > 1) set CRC to 0
> > > 2) encrypt the page
> > > 3) compute CRC
> > > 4) set CRC to value computed in (3)
> > > 5) encrypt the page again
> > >
> > > That seems pretty awful from performance POV, and it does not really
> > > solve much as we'd still need to decrypt the page while verifying the
> > > checksums (because the CRC is in the page header, which is encrypted).
> >
> > No, I was thinking we would overwrite whatever the encrypted output was
> > in the spot that has the CRC with the computed CRC. Yeah, sounds even
> > crazier now that I said it --- never mind.
> >
>
> Uh, how could that possibly work? Symmetric ciphers are "diffusing" the
> bits within the block, i.e. replacing 16 bits in a 128-bit ciphertext
> block will affect the whole plaintext block, not just the matching 16
> bits of plaintext.

Yes, it would only work if the checksum was the last part of the page,
or if we used CTR mode, where changing the source bits doesn't affect
the later bits. I am thinking crazy here, I know, but it seemed worth
mentioning in case someone liked it.

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ As you are, so once was I. As I am, so you will be. +
+ Ancient Roman grave inscription +
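
The diffusion point debated in this message, as an added example that is not part of the original thread or of any PostgreSQL patch: it overwrites a 16-bit slot in the ciphertext of a constructed page and reports which plaintext bytes differ after decryption, once with independent 128-bit blocks and once in CTR mode. The toy Feistel permutation stands in for AES and is not secure; the key, nonce, page contents, slot offset and checksum value are all assumptions made for the demonstration.

```python
import hashlib

BLOCK = 16  # 128-bit block, as in the thread

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    # Feistel round function: keyed hash truncated to half a block
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def encrypt_block(key, blk):
    # Toy 4-round Feistel permutation standing in for AES (NOT secure)
    l, r = blk[:8], blk[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def decrypt_block(key, blk):
    l, r = blk[:8], blk[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def per_block(key, data, fn):
    # Each 16-byte block processed independently (no chaining)
    return b"".join(fn(key, data[i:i + BLOCK]) for i in range(0, len(data), BLOCK))

def ctr(key, nonce, data):
    # CTR mode: XOR with keystream E(nonce || counter); the same call decrypts
    out = b""
    for i in range(0, len(data), BLOCK):
        ks = encrypt_block(key, nonce + (i // BLOCK).to_bytes(8, "big"))
        out += _xor(data[i:i + BLOCK], ks)
    return out

def overwrite(buf, off, value):
    return buf[:off] + value + buf[off + len(value):]

def changed(a, b):
    # Offsets at which two equal-length buffers differ
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]

KEY, NONCE = b"constructed-key!", b"nonce-08"   # constructed values
PAGE = bytes(range(64))                          # constructed 64-byte "page"
OFF, CRC = 8, b"\xab\xcd"                        # hypothetical checksum slot and value

if __name__ == "__main__":
    blk_ct = overwrite(per_block(KEY, PAGE, encrypt_block), OFF, CRC)
    ctr_ct = overwrite(ctr(KEY, NONCE, PAGE), OFF, CRC)
    print("block mode:", changed(PAGE, per_block(KEY, blk_ct, decrypt_block)))
    print("CTR mode:  ", changed(PAGE, ctr(KEY, NONCE, ctr_ct)))
```

With independent blocks the damage spreads across the 16-byte block that holds the slot; in CTR mode it stays confined to the overwritten bytes.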
