Hi, On 2021-05-25 17:04:50 -0400, Stephen Frost wrote: > I do think it's reasonable to consider having hint bits not included in > the encrypted part of the page and therefore remove the need to produce > a new nonce for each hint bit change.
Huh. How are you going to track that efficiently? Do you want to mask them out before writing? As far as I understand you can't just re-encrypt a page with the same nonce, but different contents, without leaking information that you can't have leaked, even if the differences are not of a secret nature. I don't think hint bits are the only way to end up with needing to re-write a page with slightly different content, but the same LSN, during recovery, after a crash. I think it's just not going to fly to use LSNs as nonces, and that it's not worth butchering all kinds of aspect of the system to make it appear to work. Greetings, Andres Freund
