Re: [Proposal] Table-level Transparent Data Encryption (TDE) and KeyManagement Service (KMS)

Поиск
Список
Период
Сортировка
От Ryan Lambert
Тема Re: [Proposal] Table-level Transparent Data Encryption (TDE) and KeyManagement Service (KMS)
Дата
Msg-id CAN-V+g8fCt7OKafNUvBRSevERxt0u1LXJUUh5YwfPyU+6Aa7DA@mail.gmail.com
обсуждение исходный текст
Ответ на Re: [Proposal] Table-level Transparent Data Encryption (TDE) and KeyManagement Service (KMS)  (Alvaro Herrera <alvherre@2ndquadrant.com>)
Ответы Re: [Proposal] Table-level Transparent Data Encryption (TDE) and KeyManagement Service (KMS)  (Stephen Frost <sfrost@snowman.net>)
Re: [Proposal] Table-level Transparent Data Encryption (TDE) and KeyManagement Service (KMS)  (Bruce Momjian <bruce@momjian.us>)
Список pgsql-hackers
Дерево обсуждения

what is it that gets stored in the page for
decryption use, the nonce or the IV derived from it?

I believe storing the IV is preferable and still secure per [1]: "The IV need not be secret"

Beyond needing the database oid, if every decrypt function has to regenerate the IV from the nonce that will affect performance.  I don't know how expensive the forward hash is but it won't be free.




Ryan Lambert

 

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Bruce Momjian
Дата:
Сообщение: Re: doc: minor update for description of "pg_roles" view
Следующее
От: Stephen Frost
Дата:
Сообщение: Re: [Proposal] Table-level Transparent Data Encryption (TDE) and KeyManagement Service (KMS)