| From: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
|---|---|
| To: | hlinnaka(at)iki(dot)fi |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: FPW compression leaks information |
| Date: | 2015-04-13 00:48:35 |
| Message-ID: | CAB7nPqRreJ89sWCRLK7XTkXKeLgxL7nxoPH_dOVd5RMjv+iKqA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Mon, Apr 13, 2015 at 9:38 AM, Heikki Linnakangas <hlinnaka(at)iki(dot)fi> wrote:
> On 04/10/2015 05:17 AM, Robert Haas wrote:
>>
>> On Apr 9, 2015, at 8:51 PM, Heikki Linnakangas <hlinnaka(at)iki(dot)fi> wrote:
>>>
>>> What should we do about this?
>>
>>
>> I bet that there are at least 1000 covert channel attacks that are more
>> practically exploitable than this.
>
>
> Care to name some? This is certainly quite cumbersome to exploit, but it's
> doable.
>
> We've talked a lot about covert channels and timing attacks on RLS, but this
> makes me more worried because you can attack passwords stored in pg_authid.
Isn't the attack mentioned on this thread true as long as a user knows
that a given table stores a password? I don't see why this would be
limited to pg_authid.
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Amit Kapila | 2015-04-13 02:39:10 | Re: FPW compression leaks information |
| Previous Message | Heikki Linnakangas | 2015-04-13 00:38:32 | Re: FPW compression leaks information |