Re: storing an explicit nonce

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org>, Amit Kapila <amit(dot)kapila16(at)gmail(dot)com>, Andres Freund <andres(at)anarazel(dot)de>, Masahiko Sawada <masahiko(dot)sawada(at)2ndquadrant(dot)com>, Masahiko Sawada <sawada(dot)mshk(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Robert Haas <robertmhaas(at)gmail(dot)com>, Thomas Munro <thomas(dot)munro(at)gmail(dot)com>, Tom Kincaid <tomjohnkincaid(at)gmail(dot)com>
Subject: Re: storing an explicit nonce
Date: 2021-05-25 21:17:25
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

On Tue, May 25, 2021 at 05:15:55PM -0400, Stephen Frost wrote:
> > We already discussed that there are too many other ways to break system
> > integrity that are not encrypted/integrity-checked, e.g., changes to
> > clog. Do you disagree?
> We had agreed that this wasn't something that was strictly required in
> the first version and I continue to agree with that. On the other hand,
> if we decide that we ultimately need to use an independent nonce and
> further that we can make room in the special space for it, then it's
> trivial to also include the tag and we absolutely should (or make it
> optional to do so) in that case.

Well, if we can't really say the data has integrity, what does the
validation bytes accomplish? And if are going to encrypt everything
that would allow integrity, we need to encrypt almost the entire file

Bruce Momjian <bruce(at)momjian(dot)us>

If only the physical world exists, free will is an illusion.

In response to


Browse pgsql-hackers by date

  From Date Subject
Next Message Stephen Frost 2021-05-25 21:22:43 Re: storing an explicit nonce
Previous Message Bruce Momjian 2021-05-25 21:16:00 Re: storing an explicit nonce