Home > mailing lists

Re: New types for transparent encryption - Mailing list pgsql-hackers

From	Andrew Chernow
Subject	Re: New types for transparent encryption
Date	July 8, 2009 02:41:50
Msg-id	4A540770.7070001@esilo.com Whole thread Raw
In response to	Re: New types for transparent encryption (Greg Stark <gsstark@mit.edu>)
Responses	Re: New types for transparent encryption (Andrew Dunstan <andrew@dunslane.net>)
List	pgsql-hackers

Tree view

> Encrypting lots of small chunks of data with the same key is a very
> dangerous thing to do and it's very tricky to get right.

Using an initialization vector (IV) is the way to go, recommend using CBC or CFB 
mode.  Although, an IV is never supposed to be used more than once with the same 
key; that can leak hints about the plaintext.  Where is the randomly generated 
IV stored for use during decryption?

-- 
Andrew Chernow
eSilo, LLC
every bit counts
http://www.esilo.com/

pgsql-hackers by date:

From: Greg Stark
Date: 08 July 2009, 01:10:29
Subject: Re: New types for transparent encryption

From: Andrew Dunstan
Date: 08 July 2009, 02:49:27
Subject: Re: New types for transparent encryption

Re: New types for transparent encryption - Mailing list pgsql-hackers

Previous

Next