Re: Is OpenSSL AES-NI not available in pgcrypto?

Hi Bruce,
Thanks for reply.

I've give up: i've found a slide in percona site about pgcrypto that said
the developers of plugin intentionally introduces time consuming code to
prevent brute force attacks.

My queries involves pgcrypto only in a small number of record (about 2000),
so at the end the execution time remains the same....sadly.

Now my hopes are now in TDE. Hope to see that feature in PostgrSQL soon.

Many thanks again for support to all!

Have a nice day,
Agharta

Il sab 7 gen 2023, 03:13 Bruce Momjian <bruce(at)momjian(dot)us> ha scritto:

> On Mon, Jan 2, 2023 at 05:57:38PM +0100, agharta82(at)gmail(dot)com wrote:
> > So, a test with pgcrypto:
> >
> > select pgp_sym_encrypt(data::text, 'pwd') --default to aes128
> > from generate_series('2022-01-01'::timestamp, '2022-12-31'::timestamp, '1
> > hour'::interval) data
> >
> > vs
> >
> > select pgp_sym_encrypt(data::text, 'pwd','cipher-algo=bf') -- blowfish
> > from generate_series('2022-01-01'::timestamp, '2022-12-31'::timestamp, '1
> > hour'::interval) data
>
> To see the difference, I think you need to construct a single large
> query that calls many pgcrypto functions, with a small return result, so
> the network, parsing, and optimizer overhead are minimal compared to the
> OpenSSL overhread.
>
> --
> Bruce Momjian <bruce(at)momjian(dot)us> https://momjian.us
> EDB https://enterprisedb.com
>
> Embrace your flaws. They make you human, rather than perfect,
> which you will never be.
>