Quick Links

Re: New types for transparent encryption

From:	Andrew Chernow <ac(at)esilo(dot)com>
To:	Greg Stark <gsstark(at)mit(dot)edu>
Cc:	Itagaki Takahiro <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp>, Heikki Linnakangas <heikki(dot)linnakangas(at)enterprisedb(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject:	Re: New types for transparent encryption
Date:	2009-07-08 02:41:52
Message-ID:	4A540770.7070001@esilo.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

> Encrypting lots of small chunks of data with the same key is a very
> dangerous thing to do and it's very tricky to get right.

Using an initialization vector (IV) is the way to go, recommend using CBC or CFB
mode. Although, an IV is never supposed to be used more than once with the same
key; that can leak hints about the plaintext. Where is the randomly generated
IV stored for use during decryption?

--
Andrew Chernow
eSilo, LLC
every bit counts
http://www.esilo.com/

In response to

Re: New types for transparent encryption at 2009-07-08 01:09:55 from Greg Stark

Responses

Re: New types for transparent encryption at 2009-07-08 02:49:09 from Andrew Dunstan

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Andrew Dunstan	2009-07-08 02:49:09	Re: New types for transparent encryption
Previous Message	Greg Stark	2009-07-08 01:09:55	Re: New types for transparent encryption