On Wed, Jul 8, 2015 at 2:40 AM, Heikki Linnakangas <hlinn...@iki.fi> wrote: > On 07/07/2015 07:31 PM, Fujii Masao wrote: >> >> Or another crazy idea is to append "random length" dummy data into >> compressed FPW. Which would make it really hard for an attacker to >> guess the information from WAL location. > > > It makes the signal more noisy, but you can still mount the same attack if > you just average it over more iterations. You could perhaps fuzz it enough > to make the attack impractical, but it doesn't exactly give me a warm fuzzy > feeling.
If the attack is impractical, what makes you feel nervous? Maybe we should be concerned about a brute-force and dictionary attacks rather than the attack using wal_compression? Because ISTM that they are more likely to be able to leak passwords in practice. Regards, -- Fujii Masao -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
