From: | Joe Conway <mail(at)joeconway(dot)com> |
---|---|
To: | Sehrope Sarkuni <sehrope(at)jackdb(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us> |
Cc: | Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, Tomas Vondra <tomas(dot)vondra(at)2ndquadrant(dot)com>, Antonin Houska <ah(at)cybertec(dot)at>, Stephen Frost <sfrost(at)snowman(dot)net>, Masahiko Sawada <sawada(dot)mshk(at)gmail(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, Haribabu Kommi <kommi(dot)haribabu(at)gmail(dot)com>, "Moon, Insung" <Moon_Insung_i3(at)lab(dot)ntt(dot)co(dot)jp>, Ibrar Ahmed <ibrar(dot)ahmad(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS) |
Date: | 2019-07-27 19:08:44 |
Message-ID: | 5fa320ec-a151-503e-9f30-fab61e512d9b@joeconway.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On 7/27/19 3:02 PM, Sehrope Sarkuni wrote:
> More generally, without a cryptographic MAC I don't think it's
> possible to provide any meaningful malicious tamper detection. And
> even that would have to be off-page to deal with page replay (which I
> think is out of scope).
>
> [1]: https://en.wikipedia.org/wiki/CRC-32#Data_integrity
Yes, exactly -- pretty sure I made that point down thread but who knows;
I know I at least thought it ;-P
Joe
--
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development
From | Date | Subject | |
---|---|---|---|
Next Message | Andres Freund | 2019-07-27 19:11:44 | Re: Adding column "mem_usage" to view pg_prepared_statements |
Previous Message | Sehrope Sarkuni | 2019-07-27 19:02:02 | Re: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS) |