Re: storing an explicit nonce - Mailing list pgsql-hackers

From Stephen Frost
Subject Re: storing an explicit nonce
Date
Msg-id 20210525212535.GO20766@tamriel.snowman.net
Whole thread Raw
In response to Re: storing an explicit nonce  (Bruce Momjian <bruce@momjian.us>)
Responses Re: storing an explicit nonce
List pgsql-hackers
Greetings,

* Bruce Momjian (bruce@momjian.us) wrote:
> On Tue, May 25, 2021 at 05:15:55PM -0400, Stephen Frost wrote:
> > > We already discussed that there are too many other ways to break system
> > > integrity that are not encrypted/integrity-checked, e.g., changes to
> > > clog.  Do you disagree?
> >
> > We had agreed that this wasn't something that was strictly required in
> > the first version and I continue to agree with that.  On the other hand,
> > if we decide that we ultimately need to use an independent nonce and
> > further that we can make room in the special space for it, then it's
> > trivial to also include the tag and we absolutely should (or make it
> > optional to do so) in that case.
>
> Well, if we can't really say the data has integrity, what does the
> validation bytes accomplish?  And if are going to encrypt everything
> that would allow integrity, we need to encrypt almost the entire file
> system.

I'm not following this logic.  The primary data would be guaranteed to
be unchanged and there is absolutely value in that, even if the metadata
is not guaranteed to be unmolested.  Security always comes with a lot of
tradeoffs.  RLS doesn't prevent certain side-channel attacks but it
still is extremely useful in a great many cases.

Thanks,

Stephen

Attachment

pgsql-hackers by date:

Previous
From: Stephen Frost
Date:
Subject: Re: storing an explicit nonce
Next
From: Bruce Momjian
Date:
Subject: Re: storing an explicit nonce