Re: Contribution: Codec for index-level encryption

Hi Robert, Yes, you are right. This approach is more complex than plain fs level encryption, but this enables more fine-grained control on what is encrypted. For example, it would not be possible to choose which field to encrypt or not. Also, with fs level encryption, all the data is

Re: Contribution: Codec for index-level encryption

Be sure to add that comment about multi-tenancy to the Jira description since that is a key aspect of this particular approach. -- Jack Krupansky On Thu, Jan 7, 2016 at 4:52 AM, Renaud Delbru wrote: > Hi Robert, > > Yes, you are right. This approach is more complex than

Re: Contribution: Codec for index-level encryption

I would strongly recommend against "invent your own mode", and instead using standardized schemes/modes (e.g. XTS). Separate from that, I don't understand the reasoning to do it at the codec level. seems quite a bit more messy and complicated than the alternatives, such as block device level