Greetings, * Andres Freund (and...@anarazel.de) wrote: > On 2021-05-25 17:04:50 -0400, Stephen Frost wrote: > > I do think it's reasonable to consider having hint bits not included in > > the encrypted part of the page and therefore remove the need to produce > > a new nonce for each hint bit change. > > Huh. How are you going to track that efficiently? Do you want to mask > them out before writing? As far as I understand you can't just > re-encrypt a page with the same nonce, but different contents, without > leaking information that you can't have leaked, even if the differences > are not of a secret nature.
The simple thought I had was masking them out, yes. No, you can't re-encrypt a different page with the same nonce. (Re-encrypting the exact same page with the same nonce, however, just yields the same cryptotext and therefore is fine). > I don't think hint bits are the only way to end up with needing to > re-write a page with slightly different content, but the same LSN, > during recovery, after a crash. Any other cases would have to be addressed if we were to use LSNs, of course. > I think it's just not going to fly to use LSNs as nonces, and that it's > not worth butchering all kinds of aspect of the system to make it appear > to work. I do agree that we'd want to avoid "butchering all kinds of aspects of the system" if possible. :) Thanks! Stephen
signature.asc
Description: PGP signature
