public inbox for [email protected]
help / color / mirror / Atom feedFrom: Peter Eisentraut <[email protected]>
To: Jacob Champion <[email protected]>
To: [email protected] <[email protected]>
Subject: Re: Transparent column encryption
Date: Tue, 7 Dec 2021 16:39:29 +0100
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <[email protected]>
<[email protected]>
On 06.12.21 21:44, Jacob Champion wrote:
> I think reusing a zero IV will potentially leak more information than
> just equality, depending on the cipher in use. You may be interested in
> synthetic IVs and nonce-misuse resistance (e.g. [1]), since they seem
> like they would match this use case exactly. (But I'm not a
> cryptographer.)
I'm aware of this and plan to make use of SIV. The current
implementation is just an example.
> Have you given any thought to AEAD? As a client I'd like to be able to
> tie an encrypted value to other column (or external) data. For example,
> AEAD could be used to prevent a DBA from copying the (encrypted) value
> of my credit card column into their account's row to use it.
I don't know how that is supposed to work. When the value is encrypted
for insertion, the client may know things like table name or column
name, so it can tie it to those. But it doesn't know what row it will
go in, so you can't prevent the value from being copied into another
row. You would need some permanent logical row ID for this, I think.
For this scenario, the deterministic encryption mode is perhaps not the
right one.
>> This is not targeting PostgreSQL 15. But I'd appreciate some feedback
>> on the direction.
>
> What kinds of attacks are you hoping to prevent (and not prevent)?
The point is to prevent admins from getting at plaintext data. The
scenario you show is an interesting one but I think it's not meant to be
addressed by this. If admins can alter the database to their advantage,
they could perhaps increase their account balance, create discount
codes, etc. also.
If this is a problem, then perhaps a better approach would be to store
parts of the data in a separate database with separate admins.
view thread (53+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected]
Subject: Re: Transparent column encryption
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox