| From: | Ants Aasma <ants(at)cybertec(dot)at> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | Bruce Momjian <bruce(at)momjian(dot)us>, Sasasu <i(at)sasa(dot)su>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: storing an explicit nonce |
| Date: | 2021-10-07 18:59:31 |
| Message-ID: | CANwKhkPXb3K1FgCicz92P6xTme6sq_EJUq1rM5Mz8YdhbuJwfA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, 7 Oct 2021 at 21:52, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> With XTS this isn't actually the case though, is it..? Part of the
> point of XTS is that the last block doesn't have to be a full 16 bytes.
> What you're saying is true for XEX, but that's also why XEX isn't used
> for FDE in a lot of cases, because disk sectors aren't typically
> divisible by 16.
>
> https://en.wikipedia.org/wiki/Disk_encryption_theory
>
> Assuming that's correct, and I don't see any reason to doubt it, then
> perhaps it would make sense to have the LSN be unencrypted and include
> it in the tweak as that would limit the risk from re-use of the same
> tweak over time.
>
Right, my thought was to leave the first 8 bytes of pages, the LSN,
unencrypted and include the value in the tweak. Just tested that OpenSSL
aes-256-xts handles non multiple-of-16 messages just fine.
--
Ants Aasma
Senior Database Engineerwww.cybertec-postgresql.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2021-10-07 19:00:21 | Re: storing an explicit nonce |
| Previous Message | Bossart, Nathan | 2021-10-07 18:57:54 | Re: should we allow users with a predefined role to access pg_backend_memory_contexts view and pg_log_backend_memory_contexts function? |