On 7/9/19 10:06 PM, Stephen Frost wrote: > Greetings, > > * Ryan Lambert (r...@rustprooflabs.com) wrote: >> > What I think Tomas is getting at here is that we don't write a page only >> > once. >> >> > A nonce of tableoid+pagenum will only be unique the first time we write >> > out that page. Seems unlikely that we're only going to be writing these >> > pages once though- what we need is a nonce that's unique for *every >> > write* of the 8k page, isn't it? As every write of the page is going to >> > be encrypting something new. >> >> > With sufficient randomness, we can at least be more likely to have a >> > unique nonce for each 8K write. Including the LSN seems like it'd be a >> > possible alternative. >> >> Agreed. I know little of the inner details about the LSN but what I read >> in [1] sounds encouraging in addition to tableoid + pagenum. >> >> [1] https://www.postgresql.org/docs/current/datatype-pg-lsn.html > > Yes, but it's still something that we'd have to store somewhere- the > actual LSN of the page is going to be in the 8K block. > > Unless we decide that we can pull the LSN *out* of the 8K block and > store it unencrypted, and then store the *rest* of the block > encrypted... That might also allow things like backup software to work > on these encrypted data files for page-level backups without needing > access to the key and that'd be pretty neat. > > Of course, as with anything, the more data you expose, the higher the > overall risk that someone can figure out some meaning from it. Still, > if the idea was that we'd use the LSN in this way, then it'd need to be > stored unencrypted regardless...
I don't think we are going to be able to eliminate every possible side-channel anyway -- this seems like a good compromise to me. Joe -- Crunchy Data - http://crunchydata.com PostgreSQL Support for Secure Enterprises Consulting, Training, & Open Source Development
signature.asc
Description: OpenPGP digital signature