Andrew Dunstan wrote:


Andrew Chernow wrote:

Encrypting lots of small chunks of data with the same key is a very
dangerous thing to do and it's very tricky to get right.

Using an initialization vector (IV) is the way to go, recommend using CBC or CFB mode. Although, an IV is never supposed to be used more than once with the same key; that can leak hints about the plaintext. Where is the randomly generated IV stored for use during decryption?

Well, you can store it along with the encrypted data. The IV doesn't need to be secret, just random. I do that for one of my clients.


That's correct.  Duh!?!  Probably the first N bytes of the cipher text.

Would the IV be regenerated every time the plaintext is updated, to avoid using it twice? For instance: update t set text = 'abc' where id = 1. ISTM that the IV for OLD.text should be thrown away.

Where would the key come from?  Where would it be stored?  What cipher is used?

--
Andrew Chernow
eSilo, LLC
every bit counts
http://www.esilo.com/

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
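
The points raised in this thread (a random IV stored as the first N bytes of the ciphertext, a fresh IV drawn on every update, and the leak when an IV is reused under the same key), shown as an added example that is not part of the original messages. The block function is a stand-in built from HMAC-SHA256 rather than a real cipher such as AES, and all names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import os

BLOCK = 16  # IV and block size in bytes, as for AES


def block_encrypt(key, data):
    # Stand-in for the block cipher's forward function E_K (assumption:
    # HMAC-SHA256 truncated to one block). CFB never needs the inverse.
    return hmac.new(key, data, hashlib.sha256).digest()[:BLOCK]


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_value(key, plaintext, iv=None):
    """CFB-encrypt and return IV || ciphertext. A fresh random IV is drawn
    unless the caller forces one (only useful to show why reuse is unsafe)."""
    iv = os.urandom(BLOCK) if iv is None else iv
    out, feedback = [], iv
    for i in range(0, len(plaintext), BLOCK):
        chunk = plaintext[i:i + BLOCK]
        c = xor_bytes(chunk, block_encrypt(key, feedback))
        out.append(c)
        feedback = c
    return iv + b"".join(out)


def decrypt_value(key, stored):
    # The IV is not secret: it is read back from the first BLOCK bytes.
    iv, body = stored[:BLOCK], stored[BLOCK:]
    out, feedback = [], iv
    for i in range(0, len(body), BLOCK):
        c = body[i:i + BLOCK]
        out.append(xor_bytes(c, block_encrypt(key, feedback)))
        feedback = c
    return b"".join(out)


def first_block_xor(stored_a, stored_b):
    """XOR of the first ciphertext blocks of two stored values."""
    return xor_bytes(stored_a[BLOCK:2 * BLOCK], stored_b[BLOCK:2 * BLOCK])


# Constructed sample: the old and new text of one updated row.
KEY = os.urandom(32)
OLD, NEW = b"balance=00001000", b"balance=00009000"
```

With a forced, repeated IV, `first_block_xor` of the two stored values equals the XOR of the two plaintexts; with the default fresh IV per write it does not.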
