| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | Ants Aasma <ants(at)cybertec(dot)at> |
| Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, Sasasu <i(at)sasa(dot)su>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: storing an explicit nonce |
| Date: | 2021-10-07 19:11:42 |
| Message-ID: | 20211007191142.GD24305@momjian.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, Oct 7, 2021 at 09:59:31PM +0300, Ants Aasma wrote:
> On Thu, 7 Oct 2021 at 21:52, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
>
> With XTS this isn't actually the case though, is it..? Part of the
> point of XTS is that the last block doesn't have to be a full 16 bytes.
> What you're saying is true for XEX, but that's also why XEX isn't used
> for FDE in a lot of cases, because disk sectors aren't typically
> divisible by 16.
>
> https://en.wikipedia.org/wiki/Disk_encryption_theory
>
> Assuming that's correct, and I don't see any reason to doubt it, then
> perhaps it would make sense to have the LSN be unencrypted and include
> it in the tweak as that would limit the risk from re-use of the same
> tweak over time.
>
>
> Right, my thought was to leave the first 8 bytes of pages, the LSN, unencrypted
> and include the value in the tweak. Just tested that OpenSSL aes-256-xts
> handles non multiple-of-16 messages just fine.
Great.
--
Bruce Momjian <bruce(at)momjian(dot)us> https://momjian.us
EDB https://enterprisedb.com
If only the physical world exists, free will is an illusion.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2021-10-07 19:12:07 | Re: storing an explicit nonce |
| Previous Message | Bruce Momjian | 2021-10-07 19:11:26 | Re: storing an explicit nonce |