Re: storing an explicit nonce - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: storing an explicit nonce
Date
Msg-id 20210525211725.GL3048@momjian.us
Whole thread Raw
In response to Re: storing an explicit nonce  (Stephen Frost <sfrost@snowman.net>)
Responses Re: storing an explicit nonce
List pgsql-hackers
On Tue, May 25, 2021 at 05:15:55PM -0400, Stephen Frost wrote:
> > We already discussed that there are too many other ways to break system
> > integrity that are not encrypted/integrity-checked, e.g., changes to
> > clog.  Do you disagree?
> 
> We had agreed that this wasn't something that was strictly required in
> the first version and I continue to agree with that.  On the other hand,
> if we decide that we ultimately need to use an independent nonce and
> further that we can make room in the special space for it, then it's
> trivial to also include the tag and we absolutely should (or make it
> optional to do so) in that case.

Well, if we can't really say the data has integrity, what does the
validation bytes accomplish?  And if are going to encrypt everything
that would allow integrity, we need to encrypt almost the entire file
system.

-- 
  Bruce Momjian  <bruce@momjian.us>        https://momjian.us
  EDB                                      https://enterprisedb.com

  If only the physical world exists, free will is an illusion.




pgsql-hackers by date:

Previous
From: Bruce Momjian
Date:
Subject: Re: storing an explicit nonce
Next
From: Stephen Frost
Date:
Subject: Re: storing an explicit nonce