Re: New types for transparent encryption - Mailing list pgsql-hackers

From Chris Browne
Subject Re: New types for transparent encryption
Date
Msg-id 87fxd715xi.fsf@dba2.int.libertyrms.com
Whole thread Raw
In response to Re: New types for transparent encryption  (Greg Stark <gsstark@mit.edu>)
List pgsql-hackers
gsstark@mit.edu (Greg Stark) writes:
> However I have a different concern which hasn't been raised yet.
> Encrypting lots of small chunks of data with the same key is a very
> dangerous thing to do and it's very tricky to get right. 

Yeah, that's exactly the sort of thing that would be Most Useful for
someone trying to do differential cryptanalysis.
  http://en.wikipedia.org/wiki/Differential_cryptanalysis

It would provide an *exact* vector for differential attack if the
attacker has the ability to add in a series of bits of data of their
choosing before capturing the thus-encrypted dump.

If you add some more-or-less-randomish salt, ala SSHA, that could be
of some tiny help, maybe, arguably, but I doubt that's usable :-(.  http://www.openldap.org/faq/data/cache/347.html
-- 
let name="cbbrowne" and tld="acm.org" in String.concat "@" [name;tld];;
http://linuxfinances.info/info/sap.html
Why do scientists call it research when looking for something new?


pgsql-hackers by date:

Previous
From: Andrew Dunstan
Date:
Subject: Re: multi-threaded pgbench
Next
From: Chris Browne
Date:
Subject: Re: [pgsql-www] commitfest.postgresql.org