Re: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS)

From: Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>
To: Sehrope Sarkuni <sehrope(at)jackdb(dot)com>
Cc: Bruce Momjian <bruce(at)momjian(dot)us>, Tomas Vondra <tomas(dot)vondra(at)2ndquadrant(dot)com>, Joe Conway <mail(at)joeconway(dot)com>, Antonin Houska <ah(at)cybertec(dot)at>, Stephen Frost <sfrost(at)snowman(dot)net>, Masahiko Sawada <sawada(dot)mshk(at)gmail(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, Haribabu Kommi <kommi(dot)haribabu(at)gmail(dot)com>, "Moon, Insung" <Moon_Insung_i3(at)lab(dot)ntt(dot)co(dot)jp>, Ibrar Ahmed <ibrar(dot)ahmad(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS)
Date: 2019-07-29 20:15:18
Message-ID: 20190729201518.GA21947@alvherre.pgsql
Lists: pgsql-hackers

On 2019-Jul-27, Sehrope Sarkuni wrote:

> Given the non-cryptographic nature of CRC and its 16-bit size, I'd
> round down the malicious tamper detection it provides to zero. At best
> it catches random disk errors so might as well keep it in plain text
> and checkable offline.

But what attack are we protecting against? We fear that somebody will
steal a disk or a backup. We don't fear that they will *write* data.
The CRC is there to protect against data corruption. So whether or not
the CRC protects against malicious tampering is beside the point.

If we were trying to protect against an attacker having access to
*writing* data in the production server, this encryption scheme is
useless: they could just as well read unencrypted data from shared
buffers anyway.

I think trying to protect against malicious data tampering is a second
step *after* this one is done.

--
Álvaro Herrera https://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
