| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | Alvaro Herrera <alvherre(at)2ndquadrant(dot)com> |
| Cc: | Tomas Vondra <tomas(dot)vondra(at)2ndquadrant(dot)com>, Joe Conway <mail(at)joeconway(dot)com>, Antonin Houska <ah(at)cybertec(dot)at>, Stephen Frost <sfrost(at)snowman(dot)net>, Masahiko Sawada <sawada(dot)mshk(at)gmail(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, Haribabu Kommi <kommi(dot)haribabu(at)gmail(dot)com>, "Moon, Insung" <Moon_Insung_i3(at)lab(dot)ntt(dot)co(dot)jp>, Ibrar Ahmed <ibrar(dot)ahmad(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS) |
| Date: | 2019-07-27 17:33:36 |
| Message-ID: | 20190727173336.abpvupgfrw5bspix@momjian.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, Jul 25, 2019 at 11:30:55PM -0400, Alvaro Herrera wrote:
> On 2019-Jul-25, Alvaro Herrera wrote:
>
> > > Uh, there are no known attacks on AES with known plain-text, e.g., SSL
> > > uses AES, so I think we are good with encrypting everything after the
> > > first 16 bytes.
> >
> > Well, maybe there aren't any attacks *now*, but I don't know what will
> > happen in the future. I'm not clear what's the intended win by
> > encrypting the all-zeroes page hole anyway. If you leave it
> > unencrypted, the attacker knows the size of the hole, as well as the
> > size of the tuple data area and the size of the LP array. Is that a
> > side-channer that leaks much?
>
> This answer https://crypto.stackexchange.com/a/31090 is interesting for
> three reasons:
>
> 1. it says we don't really have to worry about cleartext attacks, at
> least not in the immediate future, so encrypting the hole should be OK;
>
> 2. it seems to reinforces a point I tried to make earlier, which is that
> reusing the IV a small number of times is *not that bad*:
I think using LSN and page number, we will _never_ reuse the IV, except
for cases like promoting two standbys, which I think we have to document
as an insecure practice.
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ As you are, so once was I. As I am, so you will be. +
+ Ancient Roman grave inscription +
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tomas Vondra | 2019-07-27 17:38:41 | Re: [PATCH] get rid of StdRdOptions, use individual binary reloptions representation for each relation kind instead |
| Previous Message | Bruce Momjian | 2019-07-27 17:31:49 | Re: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS) |