| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | Ants Aasma <ants(at)cybertec(dot)at> |
| Cc: | Sasasu <i(at)sasa(dot)su>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: storing an explicit nonce |
| Date: | 2021-10-05 20:29:25 |
| Message-ID: | 20211005202925.GA24555@momjian.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, Sep 28, 2021 at 12:30:02PM +0300, Ants Aasma wrote:
> On Mon, 27 Sept 2021 at 23:34, Bruce Momjian <bruce(at)momjian(dot)us> wrote:
> We are still working on our TDE patch. Right now the focus is on refactoring
> temporary file access to make the TDE patch itself smaller. Reconsidering
> encryption mode choices given concerns expressed is next. Currently a viable
> option seems to be AES-XTS with LSN added into the IV. XTS doesn't have an
> issue with predictable IV and isn't totally broken in case of IV reuse.
Uh, yes, AES-XTS has benefits, but since it is a block cipher, previous
16-byte blocks affect later blocks, meaning that hint bit changes would
also affect later blocks. I think this means we would need to write WAL
full page images for hint bit changes to avoid torn pages. Right now
hint bit (single bit) changes can be lost without causing torn pages.
This was another of the advantages of using a stream cipher like CTR.
--
Bruce Momjian <bruce(at)momjian(dot)us> https://momjian.us
EDB https://enterprisedb.com
If only the physical world exists, free will is an illusion.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andres Freund | 2021-10-05 20:38:11 | Re: can we add subscription TAP test option "vcregress subscriptioncheck" for MSVC builds? |
| Previous Message | Andres Freund | 2021-10-05 20:10:37 | Re: TAP test for recovery_end_command |