Re: FPW compression leaks information
| От | Fujii Masao |
|---|---|
| Тема | Re: FPW compression leaks information |
| Дата | |
| Msg-id | CAHGQGwGuC9Cd+vQWz8GovswMw2=PR+RO9pdvq1oghDeCrsMSfA@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: FPW compression leaks information (Heikki Linnakangas <hlinnaka@iki.fi>) |
| Список | pgsql-hackers |
On Wed, Jul 8, 2015 at 2:40 AM, Heikki Linnakangas <hlinnaka@iki.fi> wrote: > On 07/07/2015 07:31 PM, Fujii Masao wrote: >> >> Or another crazy idea is to append "random length" dummy data into >> compressed FPW. Which would make it really hard for an attacker to >> guess the information from WAL location. > > > It makes the signal more noisy, but you can still mount the same attack if > you just average it over more iterations. You could perhaps fuzz it enough > to make the attack impractical, but it doesn't exactly give me a warm fuzzy > feeling. If the attack is impractical, what makes you feel nervous? Maybe we should be concerned about a brute-force and dictionary attacks rather than the attack using wal_compression? Because ISTM that they are more likely to be able to leak passwords in practice. Regards, -- Fujii Masao
В списке pgsql-hackers по дате отправления: