On Tue, Aug 6, 2019 at 06:13:30PM -0400, Jonathan Katz wrote:
> Hi,
>
> On 8/6/19 3:01 PM, Bruce Momjian wrote:
> > On Tue, Aug 6, 2019 at 01:55:38PM -0400, Bruce Momjian wrote:
> >> CTR mode creates a bit stream for the first 16 bytes with nonce of
> >> (segment_number, counter = 0), and the next 16 bytes with
> >> (segment_number, counter = 1), etc. We only XOR using the parts of the
> >> bit stream we want to use. We don't care what the WAL content is --- we
> >> just XOR it with the stream with the matching counter for that part of
> >> the WAL.
> >
> > The diagram which is part of this section might be helpful:
> >
> > https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Counter_(CTR)
> >
> > https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#/media/File:CTR_encryption_2.svg
>
> This is going to be a slightly long (understatement) email that I
> thought would be easier to try to communicate all in one place vs.
> replying to individual parts on this long thread. My main goal was to
> present some things I had researched on TDE, some of which had been
> mentioned on thread, and compile it in one place (it's also why I was
> slow to respond on some other things on the thread -- sorry!)
This basically tries to re-litigate many discussions we have already had,
and I don't see much value in replying point by point. It relitigates:

* table/tablespace-level encryption keys (single WAL file and unlocked
  keys for recovery)
* CTR mode
* Authentication of data (we decided we would not do this for v1 of this
  feature)
* Use of something like "ssl_passphrase"

If you want to relitigate something, you will need to state that, and
reference the previous arguments in explaining your disagreement.

-- 
  Bruce Momjian  <br...@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

+ As you are, so once was I.  As I am, so you will be. +
+                      Ancient Roman grave inscription +
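The CTR construction described in the quoted text above, as an added example (not code from this thread or from PostgreSQL): it derives the keystream block for (segment_number, counter), XORs only the bytes that are actually needed, and shows that a record encrypted at an offset matches the same bytes of a whole-segment encryption. The block function is an assumption: keyed HMAC-SHA256 truncated to 16 bytes stands in for AES so the example runs without third-party packages, and KEY, SEGMENT and RECORD are constructed sample values.

```python
import hashlib
import hmac
import struct

BLOCK = 16  # keystream granularity: one 16-byte block per counter value


def keystream_block(key: bytes, segment_number: int, counter: int) -> bytes:
    """Keystream for block `counter` of WAL segment `segment_number`.

    Stand-in for AES(key, nonce): the nonce (segment_number, counter) is packed
    as two big-endian 64-bit integers and run through HMAC-SHA256, truncated to
    16 bytes. The output depends only on (key, segment_number, counter), so a
    (segment, counter) pair must never cover different data under one key.
    """
    nonce = struct.pack(">QQ", segment_number, counter)
    return hmac.new(key, nonce, hashlib.sha256).digest()[:BLOCK]


def ctr_xor(key: bytes, segment_number: int, offset: int, data: bytes) -> bytes:
    """XOR `data`, which sits at byte `offset` inside the segment, with the
    matching slice of the keystream. Only the blocks covering
    [offset, offset + len(data)) are generated; the same call decrypts."""
    out = bytearray()
    pos, end = offset, offset + len(data)
    while pos < end:
        counter, within = divmod(pos, BLOCK)   # which block, and where inside it
        ks = keystream_block(key, segment_number, counter)
        take = min(BLOCK - within, end - pos)  # bytes of this block we need
        chunk = data[pos - offset:pos - offset + take]
        out += bytes(a ^ b for a, b in zip(chunk, ks[within:within + take]))
        pos += take
    return bytes(out)


# Constructed sample values (not from the thread): a 32-byte key, a 64-bit
# segment number, and an 85-byte record that is deliberately not a block multiple.
KEY = hashlib.sha256(b"constructed demo key, not a real WAL key").digest()
SEGMENT = 0x00000001000000A3
RECORD = b"WAL record bytes " * 5


def demo():
    """Whole-segment encryption, an offset-only encryption of bytes 20..56,
    and the round trip back to plaintext."""
    whole = ctr_xor(KEY, SEGMENT, 0, RECORD)
    partial = ctr_xor(KEY, SEGMENT, 20, RECORD[20:57])  # starts mid-block
    return whole, partial, ctr_xor(KEY, SEGMENT, 0, whole)
```

The offset-only result equals `whole[20:57]`, which is what makes the stream seekable: only the blocks for counters 1 through 3 are computed for that record.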