On 2019-Jul-10, Bruce Momjian wrote:

> Good, so I think we all now agree we have to put the nonce
> (pg_class.oid, LSN, page-number) through the cipher using the secret.

Actually, why do you need the page number in the nonce? The LSN already distinguishes pages -- you can't have two pages with the same LSN, can you? (I do think you can have multiple writes of the same page with different LSNs, if you change hint bits and don't write WAL about it, but maybe we should force CRC enabled in encrypted tables, which I think closes this hole?)

-- 
Álvaro Herrera                https://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
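
An added illustration (not part of the original message, and not PostgreSQL code) of the hint-bit case raised above: when a page is rewritten without a new LSN, the nonce (pg_class.oid, LSN, page-number) repeats, and the two ciphertexts differ only where the plaintext changed. It assumes a stream-style cipher mode with an HMAC-SHA256 keystream as a stand-in; the key, OID, LSN, page number and page contents are constructed.

```python
import hashlib
import hmac
import struct

PAGE_SIZE = 8192  # PostgreSQL's default block size

def make_nonce(rel_oid: int, lsn: int, page_no: int) -> bytes:
    """Pack (pg_class.oid, LSN, page-number) into 4 + 8 + 4 = 16 bytes."""
    return struct.pack(">IQI", rel_oid, lsn, page_no)

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in keystream (assumption): HMAC-SHA256(key, nonce || counter)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256)
        out += block.digest()
        counter += 1
    return bytes(out[:length])

def encrypt_page(key: bytes, nonce: bytes, page: bytes) -> bytes:
    """XOR the page with the keystream derived from (key, nonce)."""
    ks = keystream(key, nonce, len(page))
    return bytes(p ^ k for p, k in zip(page, ks))

def changed_offsets(old: bytes, new: bytes) -> list:
    """Byte offsets at which two on-disk images of a page differ."""
    return [i for i, (a, b) in enumerate(zip(old, new)) if a != b]

def demo():
    key = bytes(range(32))                    # constructed key
    page = bytearray(PAGE_SIZE)               # constructed page image
    page[100:104] = b"tupl"
    nonce = make_nonce(16384, 0x16B3D50, 7)   # constructed OID, LSN, page number
    first = encrypt_page(key, nonce, bytes(page))

    page[200] |= 0x01                         # hint-bit style change, no WAL record
    same_lsn = encrypt_page(key, nonce, bytes(page))   # LSN unchanged: nonce repeats

    # Same change, but with the LSN advanced: a fresh nonce and keystream.
    new_lsn = encrypt_page(key, make_nonce(16384, 0x16B3D51, 7), bytes(page))

    same = changed_offsets(first, same_lsn)
    moved = len(changed_offsets(first, new_lsn))
    return same, moved, first[200] ^ same_lsn[200]
```

With the repeated nonce, comparing the two stored images shows exactly which byte changed and the XOR of its old and new values; with the advanced LSN almost every byte differs.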