With XTS this isn't actually the case though, is it..? Part of the point of XTS is that the last block doesn't have to be a full 16 bytes. What you're saying is true for XEX, but that's also why XEX isn't used for FDE in a lot of cases, because disk sectors aren't typically divisible by 16.
Assuming that's correct, and I don't see any reason to doubt it, then perhaps it would make sense to have the LSN be unencrypted and include it in the tweak as that would limit the risk from re-use of the same tweak over time.
Right, my thought was to leave the first 8 bytes of pages, the LSN, unencrypted and include the value in the tweak. Just tested that OpenSSL aes-256-xts handles non multiple-of-16 messages just fine.
From:
"Bossart, Nathan" Date: Subject:
Re: should we allow users with a predefined role to access pg_backend_memory_contexts view and pg_log_backend_memory_contexts function?