Home > mailing lists

Re: storing an explicit nonce - Mailing list pgsql-hackers

From	Bruce Momjian
Subject	Re: storing an explicit nonce
Date	September 27, 2021 23:34:48
Msg-id	20210927203448.GB12052@momjian.us Whole thread Raw
In response to	Re: storing an explicit nonce (Sasasu <i@sasa.su>)
Responses	Re: storing an explicit nonce (Ants Aasma <ants@cybertec.at>)
List	pgsql-hackers

Tree view

On Sun, Sep  5, 2021 at 10:51:42PM +0800, Sasasu wrote:
> Hi, community,
> 
> It looks like we are still considering AES-CBC, AES-XTS, and AES-GCM(-SIV).
> I want to say something that we don't think about.
> 
> For AES-CBC, the IV should be not predictable. I think LSN or HASH(LSN,
> block number or something) is predictable. There are many CVE related to
> AES-CBC with a predictable IV.

The LSN would change every time the page is modified, so while the LSN
could be predicted, it would not be reused.  However, there is currently
no work being done on page-level encryption of Postgres.

-- 
  Bruce Momjian  <bruce@momjian.us>        https://momjian.us
  EDB                                      https://enterprisedb.com

  If only the physical world exists, free will is an illusion.

pgsql-hackers by date:

From: Mark Dilger
Date: 27 September 2021, 23:21:36
Subject: Re: Fixing WAL instability in various TAP tests

From: "Euler Taveira"
Date: 27 September 2021, 23:49:08
Subject: Re: how to distinguish between using the server as a standby or for executing a targeted recovery in PG 11?

Re: storing an explicit nonce - Mailing list pgsql-hackers

Previous

Next