On Wed, Jun 20, 2018 at 05:28:43PM -0500, Nico Williams wrote: > On Wed, Jun 20, 2018 at 06:19:40PM -0400, Joe Conway wrote: > > On 06/20/2018 05:12 PM, Bruce Momjian wrote: > > > On Mon, Jun 18, 2018 at 11:06:20AM -0400, Joe Conway wrote: > > > Even if they are encrypted with the same key, they use different > > > initialization vectors that are stored inside the encrypted payload, so > > > you really can't identify much except the length, as Robert stated. > > Definitely use different IVs, and don't reuse them (or use cipher modes > where IV reuse is not fatal). > > > The more you encrypt with a single key, the more fuel you give to the > > person trying to solve for the key with cryptanalysis. > > With modern 128-bit block ciphers in modern cipher modes you'd have to > encrypt enough data to make this not a problem. On the other hand, > you'll still have other reasons to do key rotation. Key rotation > ultimately means re-encrypting everything. Getting all of this right is > very difficult. > > So again, what's the threat model? Because if it's sysadmins/DBAs > you're afraid of, there are better things to do.
Agreed. Databases just don't match to the typical cryptographic solutions and threat models. -- Bruce Momjian <br...@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + As you are, so once was I. As I am, so you will be. + + Ancient Roman grave inscription +
