Home > mailing lists

Re: XTS cipher mode for cluster file encryption - Mailing list pgsql-hackers

From	Sasasu
Subject	Re: XTS cipher mode for cluster file encryption
Date	October 18, 2021 05:19:48
Msg-id	f5d156bc-8532-d958-0a26-c9271b9c2960@sasa.su Whole thread Raw
In response to	Re: XTS cipher mode for cluster file encryption (Tomas Vondra <tomas.vondra@enterprisedb.com>)
Responses	Re: XTS cipher mode for cluster file encryption (Stephen Frost <sfrost@snowman.net>) Re: XTS cipher mode for cluster file encryption (Tomas Vondra <tomas.vondra@enterprisedb.com>)
List	pgsql-hackers

Tree view

Just a mention. the HMAC (or AE/AD) can be disabled in AES-GCM. HMAC in 
AES-GCM is an encrypt-then-hash MAC.

CRC-32 is not a crypto-safe hash (technically CRC-32 is not a hash 
function). Cryptographers may unhappy with CRC-32.

I think CRC or SHA is not such important. If IV can be stored, I believe 
there should have enough space to store HMAC.

On 2021/10/18 05:23, Tomas Vondra wrote:
> 
> I've argued for storing the nonce, but I don't quite see why would we 
> need integrity guarantees?

Attachment

pgsql-hackers by date:

From: Masahiko Sawada
Date: 18 October 2021, 04:34:22
Subject: Re: Skipping logical replication transactions on subscriber side

From: Sasasu
Date: 18 October 2021, 05:35:48
Subject: Re: XTS cipher mode for cluster file encryption

Re: XTS cipher mode for cluster file encryption - Mailing list pgsql-hackers

Attachment

Previous

Next