Re: [Proposal] Table-level Transparent Data Encryption (TDE) and KeyManagement Service (KMS)
From | Tomas Vondra |
---|---|
Subject | Re: [Proposal] Table-level Transparent Data Encryption (TDE) and KeyManagement Service (KMS) |
Date | |
Msg-id | ca97b354-2008-b5ce-d8cc-a96389f3f052@2ndquadrant.com |
In reply to | [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS) ("Moon, Insung" <Moon_Insung_i3@lab.ntt.co.jp>) |
Responses |
RE: [Proposal] Table-level Transparent Data Encryption (TDE) andKey Management Service (KMS)
RE: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS) |
List | pgsql-hackers |
Hi,

On 05/25/2018 01:41 PM, Moon, Insung wrote:
> Hello Hackers,
>
> ...
>
> BTW, I want to support CBC mode encryption[3]. However, I'm not sure
> how to use the IV in CBC mode for this proposal. I'd like to hear
> opinions by security engineer.
>

I'm not a cryptographer either, but this is exactly where you need a prior discussion about the threat models - there are a couple of chaining modes, each with different weaknesses.

FWIW it may also matter if data_checksums are enabled, because that may prevent malleability attacks affecting of the modes. Assuming active attacker (with the ability to modify the data files) is part of the threat model, of course.

regards

--
Tomas Vondra http://www.2ndQuadrant.com
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services