Re: FPW compression leaks information

On Tue, Jul 7, 2015 at 2:29 PM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
>> Or another crazy idea is to append "random length" dummy data into
>> compressed FPW. Which would make it really hard for an attacker to
>> guess the information from WAL location. Even if this option is enabled,
>> you can still have the performance improvement by FPW compression
>> (of course if dummy data is not so big).
>
> I'm not sure I'd call that "crazy" as it's done in other systems.. This
> would also help with cases where an attacker can view the WAL length
> through other means, so it has some indepdent advantages.
>
> Curious to hear what others think about that approach though.

It's difficult to know whether the randomization would be effective.

For instance, if one were to use a simple linear congruence generator,
it's possible that the known relationship between the added lengths
allows their effect to be accounted for. The parameters of such RNG
can be leaked by attacking a different table fully under the control
of the attacker, generating WAL with known compression ratios, and
comparing resulting WAL size. IIRC, most non-crypto RNGs can be
similarly attacked.

So it would have to be a cryptographically secure RNG to be safe, and
that would be very costly to run during FPW.