On Wed, Jul 8, 2015 at 2:40 AM, Heikki Linnakangas <hlinnaka@iki.fi> wrote:
> On 07/07/2015 07:31 PM, Fujii Masao wrote:
>>
>> Or another crazy idea is to append "random length" dummy data into
>> compressed FPW. Which would make it really hard for an attacker to
>> guess the information from WAL location.
>
>
> It makes the signal more noisy, but you can still mount the same attack if
> you just average it over more iterations. You could perhaps fuzz it enough
> to make the attack impractical, but it doesn't exactly give me a warm fuzzy
> feeling.
If the attack is impractical, what makes you feel nervous?
Maybe we should be concerned about a brute-force and dictionary
attacks rather than the attack using wal_compression?
Because ISTM that they are more likely to be able to leak passwords
in practice.
Regards,
--
Fujii Masao
