Quick Links

Re: storing an explicit nonce

From:	"Andres Freund" <andres(at)anarazel(dot)de>
To:	"Bruce Momjian" <bruce(at)momjian(dot)us>
Cc:	"Stephen Frost" <sfrost(at)snowman(dot)net>, "Robert Haas" <robertmhaas(at)gmail(dot)com>, "Alvaro Herrera" <alvherre(at)alvh(dot)no-ip(dot)org>, "Masahiko Sawada" <sawada(dot)mshk(at)gmail(dot)com>, "Tom Kincaid" <tomjohnkincaid(at)gmail(dot)com>, "Amit Kapila" <amit(dot)kapila16(at)gmail(dot)com>, "Thomas Munro" <thomas(dot)munro(at)gmail(dot)com>, "PostgreSQL Development" <pgsql-hackers(at)postgresql(dot)org>, "Masahiko Sawada" <masahiko(dot)sawada(at)2ndquadrant(dot)com>
Subject:	Re: storing an explicit nonce
Date:	2021-05-27 15:34:51
Message-ID:	7fcf2a6f-ed0f-48b1-b72b-909b0db9640b@www.fastmail.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

Hi,

On Thu, May 27, 2021, at 08:10, Bruce Momjian wrote:
> On Wed, May 26, 2021 at 05:11:24PM -0700, Andres Freund wrote:
> > Hi,
> >
> > On 2021-05-25 17:12:05 -0400, Bruce Momjian wrote:
> > > If we used a block cipher instead of a streaming one (CTR), this might
> > > not work because the earlier blocks can be based in the output of
> > > later blocks.
> >
> > What made us choose CTR for WAL & data file encryption? I checked the
> > README in the patchset and the wiki page, and neither seem to discuss
> > that.
> >
> > The dangers around nonce reuse, the space overhead of storing the nonce,
> > the fact that single bit changes in the encrypted data don't propagate
> > seem not great? Why aren't we using something like XTS? It has obvious
> > issues as wel, but CTR's weaknesses seem at least as great. And if we
> > want a MAC, then we don't want CTR either.
>
> We chose CTR because it was fast, and we could use the same method for
> WAL, which needs a streaming, not block, cipher.

The WAL is block oriented too.

Andres

In response to

Re: storing an explicit nonce at 2021-05-27 15:10:55 from Bruce Momjian

Responses

Re: storing an explicit nonce at 2021-05-27 15:49:33 from Stephen Frost
Re: storing an explicit nonce at 2021-05-27 16:01:16 from Bruce Momjian

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Stephen Frost	2021-05-27 15:49:33	Re: storing an explicit nonce
Previous Message	vignesh C	2021-05-27 15:31:48	Re: Logical Replication - improve error message while adding tables to the publication in check_publication_add_relation