public inbox for [email protected]
help / color / mirror / Atom feedFrom: Tomas Vondra <[email protected]>
To: Stephen Frost <[email protected]>
To: Robert Haas <[email protected]>
To: Andres Freund <[email protected]>
To: Bruce Momjian <[email protected]>
To: Sasasu <[email protected]>
Cc: PostgreSQL-development <[email protected]>
Subject: Re: XTS cipher mode for cluster file encryption
Date: Tue, 19 Oct 2021 02:07:27 +0200
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <[email protected]>
On 10/18/21 17:56, Stephen Frost wrote:
>> ...
>> I've argued for storing the nonce, but I don't quite see why would we need
>> integrity guarantees?
>>
>> AFAICS the threat model the patch aims to address is an attacker who can
>> observe the data (e.g. a low-privileged OS user), but can't modify the
>> files. Which seems like a reasonable model for shared environments.
>
> There are multiple threat models which we should be considering and
> that's why we may want to eventually add integrity.
>
So what are these threat models? If we should be considering them it'd
be nice to have a description, explaining what capabilities must the
attacker have ...
My (perhaps naive) understanding is that the authentication / integrity
provides (partial) protection against attackers that may modify instance
data - modify files, etc. But I'd guess an attacker with such capability
can do various other (simpler) things to extract data. Say, modify the
config to load an extension that dumps keys from memory, or whatever.
So what's a plausible / practical threat model that would be mitigated
by the authenticated encryption?
It'd be a bit silly to add complexity to allow AEAD, only to find out
there are ways around it.
regards
--
Tomas Vondra
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
view thread (54+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
Subject: Re: XTS cipher mode for cluster file encryption
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox