Well, for a first version, I think it's nice :) Maybe more information about the key server would be nice, and about the key file... If the attacker knows the file and contents, he/she could decrypt the table/column?

2014-06-17 13:40 GMT-03:00 Elmar Eperiesi-Beck <el...@eperiesi-beck.de>:

> Hi,
> I agree with you. If we want to know what Google has developed as an encryption feature, we will have to wait for your source code to be published.
>
> In the meantime, you can find our concept for the encryption on our website: http://bit.ly/1slJyuI
> Feedback (negative and positive) from all of you is welcome - and needed!
>
> Best Regards
> Elmar
>
> On 17.06.2014 at 12:50, Jonas Oreland <jon...@google.com> wrote:
>
> Hi again,
>
> > by "interfaces" I was looking for the Maria DB place/ function / hook... where you are enhancing the MariaDB Code.
>
> I'm not sure how to convey this in a digestible form, attaching diffstats below. Not sure if it helps :-(
>
> There are many aspects of it.
> And each of the sub-projects (innodb data, innodb log, maria, tempfiles, binlog) has "interesting" details.
>
> /Jonas
>
> storage/innodb has this diffstat:
>  CMakeLists.txt       |    2
>  btr/btr0cur.cc       |    9
>  buf/buf0buf.cc       |  213 +++++
>  buf/buf0checksum.cc  |    8
>  buf/buf0dblwr.cc     |   40 -
>  buf/buf0flu.cc       |    6
>  buf/buf0rea.cc       |    7
>  dict/dict0load.cc    |    8
>  fil/fil0crypt.cc     | 1986 +++++++++++++++++++++++++++++++++++++++++++++++++++
>  fil/fil0fil.cc       |  280 ++++++-
>  fsp/fsp0fsp.cc       |   36
>  handler/ha_innodb.cc |  110 ++
>  handler/i_s.cc       |  292 +++++++
>  handler/i_s.h        |    1
>  include/buf0buf.h    |   60 +
>  include/buf0buf.ic   |   29
>  include/fil0fil.h    |  266 ++++++
>  include/fsp0fsp.h    |    9
>  include/log0crypt.h  |   85 ++
>  include/log0log.h    |   21
>  include/log0recv.h   |    5
>  include/mtr0log.ic   |    2
>  include/mtr0mtr.h    |    8
>  include/srv0srv.h    |    8
>  log/log0crypt.cc     |  256 ++++++
>  log/log0log.cc       |   93 ++
>  log/log0recv.cc      |   35
>  mtr/mtr0log.cc       |    4
>  row/row0import.cc    |    3
>  srv/srv0srv.cc       |   14
>  srv/srv0start.cc     |   29
>  31 files changed, 3853 insertions(+), 72 deletions(-)
>
> storage/maria has this diffstat:
>  CMakeLists.txt                            |   12
>  ha_maria.cc                               |   12
>  ma_bitmap.c                               |   63 ++--
>  ma_blockrec.c                             |  222 ++++++++------
>  ma_blockrec.h                             |   26 +
>  ma_check.c                                |   49 +--
>  ma_checkpoint.c                           |    4
>  ma_close.c                                |    2
>  ma_create.c                               |   56 +++
>  ma_crypt.c                                |  464 ++++++++++++++++++++++++++++++
>  ma_crypt.h                                |   26 +
>  ma_delete.c                               |    2
>  ma_key_recover.c                          |   10
>  ma_loghandler.c                           |   63 +---
>  ma_open.c                                 |   48 ++-
>  ma_pagecache.c                            |  154 ++++++---
>  ma_pagecache.h                            |   34 +-
>  ma_pagecrc.c                              |  118 ++++---
>  ma_static.c                               |    1
>  ma_write.c                                |   24 -
>  maria_def.h                               |   81 ++---
>  unittest/ma_pagecache_consist.c           |   28 -
>  unittest/ma_pagecache_rwconsist.c         |   27 -
>  unittest/ma_pagecache_rwconsist2.c        |   27 -
>  unittest/ma_pagecache_single.c            |   27 -
>  unittest/ma_test_loghandler_pagecache-t.c |   29 -
>  26 files changed, 1102 insertions(+), 507 deletions(-)
>
> A noticeable difference between innodb and maria is that we didn't implement encryption of the log for maria, as we only added support for temporary tables. For maria we also only added encryption support for BLOCK format but added all the features to this format so that it was usable for all temp-table scenarios. maria also doesn't have key-rotation feature like innodb has.
>
> I couldn't (as) easily extract diffstats for binlog and tempfile encryption.
> You have to wait for the code to get published...
>
> On Tue, Jun 17, 2014 at 7:29 AM, Elmar Eperiesi-Beck <el...@eperiesi-beck.de> wrote:
>
>> Hi,
>> by "interfaces" I was looking for the Maria DB place/ function / hook... where you are enhancing the MariaDB Code.
>> This would help me to understand what you are trying to do.
>>
>> Elmar
>>
>> On 17.06.2014 at 07:02, Jonas Oreland <jon...@google.com> wrote:
>>
>> Hi again,
>>
>> > What is the type of license of your code?
>>
>> I asked internally about license, and it seems like we are releasing dual gpl2/apache licensed code.
>>
>> > I would like to know, which interfaces from maria-DB you are using.
>>
>> I don't 100% understand the question.
>> We didn't write any actual encryption code, but used the one provided in openssl.
>> Other than that, we didn't really "use interfaces", but rather added/modified functionality/interfaces here and there.
>>
>> Can you be more specific?
>>
>> /Jonas
>>
>> On Sat, Jun 7, 2014 at 11:20 PM, Elmar Eperiesi-Beck <el...@eperiesi-beck.de> wrote:
>>
>>> Hi!
>>> We (eperi) would be glad to do a joint work with Google.
>>> Our solution works with MS-SQL, Oracle and other DBs and we are currently porting it to MariaDB - and - as Monty said - it's never too late to put some sources together and make the best for the open source community.
>>>
>>> What is the type of license of your code?
>>>
>>> Jonas, I am looking forward to connect to you directly.
>>>
>>> Regards
>>> Elmar
>>>
>>> Hi!
>>>
>>> > Hi Jonas,
>>> > (same Jonas we know from NDBCLUSTER? :-) Good to see you again)
>>> >
>>> > On 6 Jun 2014, at 02:31, Jonas Oreland <jon...@google.com> wrote:
>>> >
>>> >> Hi there,
>>> >> I read this blog post
>>> >> http://monty-says.blogspot.com/2014/05/for-your-eyes-only-or-adding-better.html
>>> >> and wanted to inform you that we at Google have developed on-disk/block-level encryption for Innodb, aria (as used by temporary tables), binlogs and temp-files.
>>> >> The code is not yet published, but we expect it to be within a few weeks or so.
>>> >> We (of course?) think that it would be better if you instead of developing new code
>>> >> spent the time testing/reviewing ours.
>>>
>>> We are of course happy to do this!
>>>
>>> >> I'm happy to answer questions on the topic,
>>> >> and will let you know once we've published it.
>>>
>>> The main question I have about the Innodb encryption is if it is based on the compression code we did for fusion-io?
>>> The idea we had on our side was that by using the new compression hooks we could add encryption with very little changes to the Innodb code.
>>> Looking forward to when you are ready to publish the code so we can discuss your changes in detail.
>>>
>>> > This is great news!
>>> >
>>> > From what I gather, from Monty's blog post (and a 1:1 we had some time back), this is something done by a partner/external company that has a mostly OSS solution, that we should integrate into 10.1
>>>
>>> Yes, that's correct. If I would have known that Google was working on encryption I would have included them in my discussions with eperi.
>>> Fortunately it's not yet too late to do this.
>>> I am sure eperi would like to work on the Google code as a base!
>>>
>>> > That said, Google's release of something that works for InnoDB, Aria, binlogs, temp files (and presumably not too hard to add for MyISAM) is something we should definitely review and target for 10.1
>>>
>>> Yes!
>>>
>>> Regards,
>>> Monty
>
> _______________________________________________
> Mailing list: https://launchpad.net/~maria-developers
> Post to     : maria-developers@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~maria-developers
> More help   : https://help.launchpad.net/ListHelp

--
Roberto Spadim
SPAEmpresarial
Eng. Automação e Controle