public inbox for [email protected]  
help / color / mirror / Atom feed
From: Tomas Vondra <[email protected]>
To: Stephen Frost <[email protected]>
To: Robert Haas <[email protected]>
To: Andres Freund <[email protected]>
To: Bruce Momjian <[email protected]>
To: Sasasu <[email protected]>
Cc: PostgreSQL-development <[email protected]>
Subject: Re: XTS cipher mode for cluster file encryption
Date: Tue, 19 Oct 2021 02:07:27 +0200
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <[email protected]>

On 10/18/21 17:56, Stephen Frost wrote:
 >> ...
>> I've argued for storing the nonce, but I don't quite see why would we need
>> integrity guarantees?
>>
>> AFAICS the threat model the patch aims to address is an attacker who can
>> observe the data (e.g. a low-privileged OS user), but can't modify the
>> files. Which seems like a reasonable model for shared environments.
> 
> There are multiple threat models which we should be considering and
> that's why we may want to eventually add integrity.
> 

So what are these threat models? If we should be considering them it'd 
be nice to have a description, explaining what capabilities must the 
attacker have ...

My (perhaps naive) understanding is that the authentication / integrity 
provides (partial) protection against attackers that may modify instance 
data - modify files, etc. But I'd guess an attacker with such capability 
can do various other (simpler) things to extract data. Say, modify the 
config to load an extension that dumps keys from memory, or whatever.

So what's a plausible / practical threat model that would be mitigated 
by the authenticated encryption?

It'd be a bit silly to add complexity to allow AEAD, only to find out 
there are ways around it.


regards

-- 
Tomas Vondra
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company





view thread (54+ messages)  latest in thread

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
  Subject: Re: XTS cipher mode for cluster file encryption
  In-Reply-To: <[email protected]>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox