Re: better page-level checksums
| От | Bruce Momjian |
|---|---|
| Тема | Re: better page-level checksums |
| Дата | |
| Msg-id | Yqu7u3EmCGkQeJyu@momjian.us обсуждение исходный текст |
| Ответ на | Re: better page-level checksums (Robert Haas <robertmhaas@gmail.com>) |
| Список | pgsql-hackers |
On Tue, Jun 14, 2022 at 01:42:55PM -0400, Robert Haas wrote: > Hmm, but on the other hand, if you imagine a scenario in which the > "storage system extra blob" is actually a nonce for TDE, you need to > be able to find it before you've decrypted the rest of the page. If > pd_checksum gives you the offset of that data, you need to exclude it > from what gets encrypted, which means that you need encrypt three > separate non-contiguous areas of the page whose combined size is > unlikely to be a multiple of the encryption algorithm's block size. > That kind of sucks (and putting it at the end of the page makes it way > better). I continue to believe that a nonce is not needed for XTS encryption mode, and that adding a tamper-detection GCM hash is of limited usefulness since malicious writes can be done to other critical files and can be used to find the cluster or encryption keys -- Bruce Momjian <bruce@momjian.us> https://momjian.us EDB https://enterprisedb.com Indecision is a decision. Inaction is an action. Mark Batterson
В списке pgsql-hackers по дате отправления: