From: | Tomas Vondra <tomas(dot)vondra(at)enterprisedb(dot)com> |
---|---|
To: | Sasasu <i(at)sasa(dot)su>, Bruce Momjian <bruce(at)momjian(dot)us>, Andres Freund <andres(at)anarazel(dot)de> |
Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: XTS cipher mode for cluster file encryption |
Date: | 2021-10-18 19:02:56 |
Message-ID: | b15e4a89-955c-7d0f-6821-5ac36f3ef118@enterprisedb.com |
Lists: | pgsql-hackers |
On 10/18/21 04:19, Sasasu wrote:
> Just a mention: the HMAC (or AE/AD) can be disabled in AES-GCM. HMAC in
> AES-GCM is an encrypt-then-hash MAC.
>
> CRC-32 is not a crypto-safe hash (technically CRC-32 is not a hash
> function). Cryptographers may be unhappy with CRC-32.
>

True. If you can flip enough bits in the page, it probably is not very
hard to generate a page with the desired checksum. It's probably harder
with XTS, but likely not much more.

> I think CRC or SHA is not so important. If the IV can be stored, I believe
> there should be enough space to store an HMAC.
>

Right, I agree.

regards
--
Tomas Vondra
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
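
The weakness of CRC-32 as an integrity check that this message refers to, as an added example that is not part of the original thread or of PostgreSQL: CRC-32 is affine over XOR, so the checksum change caused by a set of bit flips can be computed from the flips alone, while a keyed HMAC-SHA256 tag (standing in here for the HMAC mentioned above) offers no such relation. Assumptions: an 8192-byte page, a constructed page image and key, and bit flips modelled as an XOR delta applied directly to the page contents.

```python
import hashlib
import hmac
import zlib

PAGE_SIZE = 8192                                       # assumption: 8 kB page
SAMPLE_PAGE = bytes(range(256)) * (PAGE_SIZE // 256)   # constructed page image
SAMPLE_KEY = b"constructed-demo-key-not-secret"        # constructed MAC key
# Constructed tamper pattern: flip one bit at each of two offsets in the page.
_delta = bytearray(PAGE_SIZE)
_delta[100] = 0x01
_delta[4096] = 0x80
SAMPLE_DELTA = bytes(_delta)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def crc_delta(delta: bytes) -> int:
    """CRC-32 change caused by XORing `delta` into ANY input of the same length.

    CRC-32 is affine over XOR: crc(p ^ d) == crc(p) ^ crc(d) ^ crc(zeros),
    so the change depends only on the flipped bits, never on the page contents.
    """
    return zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta)))


def crc_change_is_predictable(page: bytes, delta: bytes) -> bool:
    """True if the new CRC-32 follows from the old checksum and the delta alone."""
    predicted = zlib.crc32(page) ^ crc_delta(delta)
    return zlib.crc32(xor_bytes(page, delta)) == predicted


def hmac_tag(key: bytes, page: bytes) -> bytes:
    return hmac.new(key, page, hashlib.sha256).digest()


def hmac_detects_tamper(key: bytes, page: bytes, delta: bytes) -> bool:
    """True if the keyed tag of the tampered page no longer matches the stored tag."""
    stored = hmac_tag(key, page)
    return not hmac.compare_digest(stored, hmac_tag(key, xor_bytes(page, delta)))


if __name__ == "__main__":
    print("CRC-32 change predictable:",
          crc_change_is_predictable(SAMPLE_PAGE, SAMPLE_DELTA))
    print("HMAC-SHA256 detects tamper:",
          hmac_detects_tamper(SAMPLE_KEY, SAMPLE_PAGE, SAMPLE_DELTA))
```
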