RE: [Proposal] Table-level Transparent Data Encryption (TDE) andKey Management Service (KMS)
От | Tsunakawa, Takayuki |
---|---|
Тема | RE: [Proposal] Table-level Transparent Data Encryption (TDE) andKey Management Service (KMS) |
Дата | |
Msg-id | 0A3221C70F24FB45833433255569204D1F9A3BB2@G01JPEXMBYT05 обсуждение исходный текст |
Ответ на | Re: [Proposal] Table-level Transparent Data Encryption (TDE) and KeyManagement Service (KMS) (Tomas Vondra <tomas.vondra@2ndquadrant.com>) |
Ответы |
RE: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS)
|
Список | pgsql-hackers |
> From: Tomas Vondra [mailto:tomas.vondra@2ndquadrant.com] > On 05/25/2018 01:41 PM, Moon, Insung wrote: > > BTW, I want to support CBC mode encryption[3]. However, I'm not sure > > how to use the IV in CBC mode for this proposal. I'd like to hear > > opinions by security engineer. > > > > I'm not a cryptographer either, but this is exactly where you need a > prior discussion about the threat models - there are a couple of > chaining modes, each with different weaknesses. Our products uses XTS, which recent FDE software like BitLocker and TrueCrypt uses instead of CBC. https://en.wikipedia.org/wiki/Disk_encryption_theory#XTS "According to SP 800-38E, "In the absence of authentication or access control, XTS-AES provides more protection than theother approved confidentiality-only modes against unauthorized manipulation of the encrypted data."" > FWIW it may also matter if data_checksums are enabled, because that may > prevent malleability attacks affecting of the modes. Assuming active > attacker (with the ability to modify the data files) is part of the > threat model, of course. Encrypt the page after embedding its checksum value. If a malicious attacker modifies a page on disk, then the decryptedpage would be corrupt anyway, which can be detected by checksum. Regards Takayuki Tsunakawa
В списке pgsql-hackers по дате отправления: