On 2021/10/16 04:57, Tomas Vondra wrote:
> Seems reasonable, on the assumption the threat models are the same.

On 2021/10/16 03:22, Stephen Frost wrote:
plain64: the initial vector is the 64-bit little-endian version of the sector number, padded with zeros if necessary

That is, the default for LUKS is AES, XTS, with a simple IV. That strikes me as a pretty ringing endorsement

On 2021/10/18 05:23, Tomas Vondra wrote:
> AFAICS the threat model the patch aims to address is an attacker who can
> observe the data (e.g. a low-privileged OS user), but can't modify the
> files. Which seems like a reasonable model for shared environments.

I agree with this threat model. And if PostgreSQL is using XTS, there is no difference from dm-encrypt. The user can use dm-encrypt directly.