On Thu, Jul 25, 2019 at 11:30:55PM -0400, Alvaro Herrera wrote: > On 2019-Jul-25, Alvaro Herrera wrote: > > > > Uh, there are no known attacks on AES with known plain-text, e.g., SSL > > > uses AES, so I think we are good with encrypting everything after the > > > first 16 bytes. > > > > Well, maybe there aren't any attacks *now*, but I don't know what will > > happen in the future. I'm not clear what's the intended win by > > encrypting the all-zeroes page hole anyway. If you leave it > > unencrypted, the attacker knows the size of the hole, as well as the > > size of the tuple data area and the size of the LP array. Is that a > > side-channer that leaks much? > > This answer https://crypto.stackexchange.com/a/31090 is interesting for > three reasons: > > 1. it says we don't really have to worry about cleartext attacks, at > least not in the immediate future, so encrypting the hole should be OK; > > 2. it seems to reinforces a point I tried to make earlier, which is that > reusing the IV a small number of times is *not that bad*:
I think using LSN and page number, we will _never_ reuse the IV, except for cases like promoting two standbys, which I think we have to document as an insecure practice. -- Bruce Momjian <br...@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + As you are, so once was I. As I am, so you will be. + + Ancient Roman grave inscription +
