Re: XTS cipher mode for cluster file encryption

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: Tomas Vondra <tomas(dot)vondra(at)enterprisedb(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, Andres Freund <andres(at)anarazel(dot)de>, Sasasu <i(at)sasa(dot)su>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: XTS cipher mode for cluster file encryption
Date: 2021-10-22 23:57:02
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

On Tue, Oct 19, 2021 at 02:44:26PM -0400, Stephen Frost wrote:
> There are ways around it. There likely always will be. We need to be
> clear about what it provides and what it doesn't. We need to stop
> telling ourselves that the only answer is a 100% solution and therefore
> it's impossible to do. Users who care about these capabilities will
> understand that it's not 100% and they will still happily use it because
> it's better than 0% which is where we are today and is why they are
> going with other solutions. Yes, if it's trivial to get around then
> perhaps it's not much better than 0% and if that's the case then it
> doesn't make sense to do it, but none of what has been discussed here
> thus far has made me feel like either the XTS or the GCM-SIV approaches
> would be trivial to to circumvent for the threat models they're intended
> to address, though it certainly takes more care and more thought when
> we're trying to address someone who has write access to part of the
> system and that we need to be clear what is addressed and what isn't in
> all of these cases.

Stephen, your emails on this thread have been very helpful and on-topic.
I think the distinction above is that it is useful to fully protect
against some attack types, even if we don't protect against all attack
types. For example, if we protect 100% against read attacks, it doesn't
mean that gets reduced to 50% because we don't protect against write
attacks --- we are still 100% read-protected and 0% write protected.

Bruce Momjian <bruce(at)momjian(dot)us>

If only the physical world exists, free will is an illusion.

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Bruce Momjian 2021-10-23 00:04:50 Re: XTS cipher mode for cluster file encryption
Previous Message Alvaro Herrera 2021-10-22 23:51:22 Re: pg_dump versus ancient server versions