Home > mailing lists

Re: XTS cipher mode for cluster file encryption - Mailing list pgsql-hackers

From	Sasasu
Subject	Re: XTS cipher mode for cluster file encryption
Date	October 18, 2021 05:35:48
Msg-id	01cc0870-5526-de25-7ab5-55247f7cfca6@sasa.su Whole thread Raw
In response to	Re: XTS cipher mode for cluster file encryption (Stephen Frost <sfrost@snowman.net>)
Responses	Re: XTS cipher mode for cluster file encryption
List	pgsql-hackers

Tree view

On 2021/10/16 04:57, Tomas Vondra wrote:
 >
 > Seems reasonable, on the assumption the threat models are the same.

On 2021/10/16 03:22, Stephen Frost wrote:
> plain64: the initial vector is the 64-bit little-endian version of the
> sector number, padded with zeros if necessary
> 
> That is, the default for LUKS is AES, XTS, with a simple IV.  That
> strikes me as a pretty ringing endorsement
On 2021/10/18 05:23, Tomas Vondra wrote:
 >
 > AFAICS the threat model the patch aims to address is an attacker who can
 > observe the data (e.g. a low-privileged OS user), but can't modify the
 > files. Which seems like a reasonable model for shared environments.

I agree this threat model.

And if PostgreSQL is using XTS, there is no different with dm-encrypt.
The user can use dm-encrypt directly.

Attachment

pgsql-hackers by date:

From: Sasasu
Date: 18 October 2021, 05:19:48
Subject: Re: XTS cipher mode for cluster file encryption

From: "houzj.fnst@fujitsu.com"
Date: 18 October 2021, 05:51:43
Subject: RE: Failed transaction statistics to measure the logical replication progress

Re: XTS cipher mode for cluster file encryption - Mailing list pgsql-hackers

Attachment

Previous

Next