From: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
---|---|
To: | Andrew Chernow <ac(at)esilo(dot)com> |
Cc: | Greg Stark <gsstark(at)mit(dot)edu>, Itagaki Takahiro <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp>, Heikki Linnakangas <heikki(dot)linnakangas(at)enterprisedb(dot)com>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: New types for transparent encryption |
Date: | 2009-07-08 02:49:09 |
Message-ID: | 4A540925.8010603@dunslane.net |
Lists: | pgsql-hackers |

Andrew Chernow wrote:
>
>> Encrypting lots of small chunks of data with the same key is a very
>> dangerous thing to do and it's very tricky to get right.
>
> Using an initialization vector (IV) is the way to go, recommend using
> CBC or CFB mode. Although, an IV is never supposed to be used more
> than once with the same key; that can leak hints about the plaintext.
> Where is the randomly generated IV stored for use during decryption?

Well, you can store it along with the encrypted data. The IV doesn't
need to be secret, just random. I do that for one of my clients.

cheers

andrew
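
Added example, not part of the original message: one way to keep a per-row random IV next to the ciphertext, as the reply describes, using pgcrypto's `gen_random_bytes`, `encrypt_iv` and `decrypt_iv`. The table, column, key and the layout (16-byte IV prefix followed by the ciphertext) are assumptions made for illustration.

```sql
-- Added example; table name, column name and key are constructed for illustration.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE TEMP TABLE secret_note (
    id      serial PRIMARY KEY,
    payload bytea NOT NULL   -- bytes 1-16: IV (not secret), bytes 17+: AES-CBC ciphertext
);

-- Encrypt the same plaintext twice under the same key.
-- Each row of the CTE carries its own random IV, and that one value is used
-- both as the stored prefix and as the IV passed to encrypt_iv.
WITH ivs AS (
    SELECT gen_random_bytes(16) AS iv
    FROM generate_series(1, 2)
)
INSERT INTO secret_note (payload)
SELECT ivs.iv || encrypt_iv(
           convert_to('same plaintext', 'UTF8'),
           decode('000102030405060708090a0b0c0d0e0f', 'hex'),  -- constructed demo key
           ivs.iv,
           'aes-cbc/pad:pkcs')
FROM ivs;

-- The two rows differ in IV and in ciphertext although the plaintext and
-- key are identical, so equal values cannot be spotted by comparing rows.
SELECT id,
       encode(substring(payload from 1 for 16), 'hex') AS iv,
       encode(substring(payload from 17), 'hex')       AS ciphertext
FROM secret_note;

-- Decrypt: split the stored value back into IV and ciphertext.
SELECT id,
       convert_from(
           decrypt_iv(
               substring(payload from 17),
               decode('000102030405060708090a0b0c0d0e0f', 'hex'),
               substring(payload from 1 for 16),
               'aes-cbc/pad:pkcs'),
           'UTF8') AS plaintext
FROM secret_note;
```

The stored IV only has to be unpredictable and unique per encryption; CBC on its own does not detect tampering with the stored bytes, so integrity needs a separate check.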