| From: | David Christensen <david(dot)christensen(at)crunchydata(dot)com> |
|---|---|
| To: | Andres Freund <andres(at)anarazel(dot)de> |
| Cc: | vignesh C <vignesh21(at)gmail(dot)com>, Aleksander Alekseev <aleksander(at)timescale(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Stephen Frost <sfrost(at)snowman(dot)net> |
| Subject: | Re: Moving forward with TDE [PATCH v3] |
| Date: | 2023-11-06 16:37:39 |
| Message-ID: | CAOxo6X+zVqfea9JpNtVGyG1yf=8WWyYcFr=65bMe6+7gxVmUuA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, Nov 3, 2023 at 9:53 PM Andres Freund <andres(at)anarazel(dot)de> wrote:
> On 2023-11-02 19:32:28 -0700, Andres Freund wrote:
> > > From 327e86d52be1df8de9c3a324cb06b85ba5db9604 Mon Sep 17 00:00:00 2001
> > > From: David Christensen <david(at)pgguru(dot)net>
> > > Date: Fri, 29 Sep 2023 15:16:00 -0400
> > > Subject: [PATCH v3 5/5] Add encrypted/authenticated WAL
> > >
> > > When using an encrypted cluster, we need to ensure that the WAL is also
> > > encrypted. While we could go with an page-based approach, we use
> instead a
> > > per-record approach, using GCM for the encryption method and storing
> the AuthTag
> > > in the xl_crc field.
>
> What was the reason for this decision?
>
This was mainly to prevent IV reuse by using a per-record encryption rather
than per-page, since partial writes out on the WAL buffer would result in
reuse there. This was somewhat of an experiment since authenticated data
per record was basically equivalent in function to the CRC.
There was a switch here so normal clusters use the crc field with the
existing CRC implementation, only encrypted clusters use this alternate
approach.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2023-11-06 16:46:23 | Re: Explicitly skip TAP tests under Meson if disabled |
| Previous Message | David Christensen | 2023-11-06 16:32:30 | Re: Moving forward with TDE [PATCH v3] |