Hi Bruce,
Thanks for reply.
I've give up: i've found a slide in percona site about pgcrypto that said the developers of plugin intentionally introduces time consuming code to prevent brute force attacks.
My queries involves pgcrypto only in a small number of record (about 2000), so at the end the execution time remains the same....sadly.
Now my hopes are now in TDE. Hope to see that feature in PostgrSQL soon.
Many thanks again for support to all!
Have a nice day,
Agharta
On Mon, Jan 2, 2023 at 05:57:38PM +0100, agharta82@gmail.com wrote:
> So, a test with pgcrypto:
>
> select pgp_sym_encrypt(data::text, 'pwd') --default to aes128
> from generate_series('2022-01-01'::timestamp, '2022-12-31'::timestamp, '1
> hour'::interval) data
>
> vs
>
> select pgp_sym_encrypt(data::text, 'pwd','cipher-algo=bf') -- blowfish
> from generate_series('2022-01-01'::timestamp, '2022-12-31'::timestamp, '1
> hour'::interval) data
To see the difference, I think you need to construct a single large
query that calls many pgcrypto functions, with a small return result, so
the network, parsing, and optimizer overhead are minimal compared to the
OpenSSL overhread.
--
Bruce Momjian <bruce@momjian.us> https://momjian.us
EDB https://enterprisedb.com
Embrace your flaws. They make you human, rather than perfect,
which you will never be.