On Thu, Jul 25, 2019 at 8:50 PM Bruce Momjian <br...@momjian.us> wrote:

> On Thu, Jul 25, 2019 at 08:44:40PM -0400, Sehrope Sarkuni wrote:
> > You can still use CTR mode and include those to make the key + IV unique
> > by adding them to the derived key rather than the IV.
> >
> > The IV per-page would still be LSN + page-number (with the block number
> > added as it's evaluated across the page) and the relfilenode, heap/index,
> > database, and anything else to make it unique can be included in the HKDF
> > to create the per-file derived key.
>
> I thought if we didn't have to hash the stuff together we would be less
> likely to get collisions with the IV.
>

IV creation would not use any hashing and would never have collisions with the
same key as it's LSN + page + block (concatenation).

The derived keys would also not have collisions as the HKDF prevents that.
Deriving two matching keys with different inputs has the same chance as
randomly generating matching HMACs (effectively nil with something like
HMAC-SHA-256).

So there wouldn't be any reuse of the same key + IV. Even if two different
files are encrypted with the same LSN + page the total operation (key + IV)
would be different as they'd be using different derived keys.

Regards,
-- Sehrope Sarkuni
Founder & CEO | JackDB, Inc. | https://www.jackdb.com/
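
The scheme described in the message above, as an added example that is not part of the original e-mail or of PostgreSQL: a per-file key derived with HKDF (HMAC-SHA-256) and a 16-byte CTR counter block built by concatenating LSN, page number and block counter. The field widths, the `file-key` info label, the function names and the sample values are assumptions made for illustration; no AES encryption is performed, only the (key, IV) pairs are enumerated.

```python
import hashlib
import hmac
import struct

def hkdf_sha256(ikm, salt, info, length):
    """HKDF (RFC 5869) over HMAC-SHA-256: extract, then expand."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]),
                         hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def file_key(master_key, db_oid, relfilenode, fork):
    # Assumed layout: fixed-width fields, so two different files can never
    # serialize to the same HKDF info string.
    info = b"file-key" + struct.pack(">IIB", db_oid, relfilenode, fork)
    return hkdf_sha256(master_key, b"", info, 32)

def page_iv(lsn, page_no, block):
    # Plain concatenation, no hashing: 8-byte LSN, 4-byte page number,
    # 4-byte block counter = one 16-byte CTR counter block.
    return struct.pack(">QII", lsn, page_no, block)

def key_iv_pairs(master_key, files, writes, page_size=8192):
    """Every (derived key, counter block) used to encrypt `writes` in each file."""
    pairs = []
    for db_oid, relfilenode, fork in files:
        key = file_key(master_key, db_oid, relfilenode, fork)
        for lsn, page_no in writes:
            for block in range(page_size // 16):
                pairs.append((key, page_iv(lsn, page_no, block)))
    return pairs

# Constructed sample values, not taken from a real cluster.
MASTER_KEY = bytes(range(32))
FILES = [(16384, 16385, 0), (16384, 16386, 0), (16384, 16385, 1)]
WRITES = [(0x16B3748, 0), (0x16B3748, 1), (0x16B5000, 0)]

if __name__ == "__main__":
    pairs = key_iv_pairs(MASTER_KEY, FILES, WRITES)
    print(len(pairs), "pairs,", len(set(pairs)), "distinct")
```

The counter blocks repeat across the three files because they share LSN and page numbers, yet every (key, IV) pair is distinct because each file has its own derived key.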
