Andrew Chernow wrote:
Encrypting lots of small chunks of data with the same key is a very
dangerous thing to do and it's very tricky to get right.
Using an initialization vector (IV) is the way to go, recommend using
CBC or CFB mode. Although, an IV is never supposed to be used more
than once with the same key; that can leak hints about the plaintext.
Where is the randomly generated IV stored for use during decryption?
Well, you can store it along with the encrypted data. The IV doesn't
need to be secret, just random. I do that for one of my clients.
cheers
andrew
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
