[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: LMDB encryption support
- To: Howard Chu <hyc@symas.com>, "OpenLDAP-devel@openldap.org" <OpenLDAP-devel@openldap.org>
- Subject: Re: LMDB encryption support
- From: Timur Kristóf <timur.kristof@gmail.com>
- Date: Thu, 10 Aug 2017 20:11:32 +0200
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=message-id:subject:from:to:date:in-reply-to:references:mime-version :content-transfer-encoding; bh=SZYk+AEO4/zgQa8f7z1cXy3kKf3lTzmWqyTc/TbcT+Y=; b=TrFQ8Uds8y/CwwgUmVBD/c/fpUrXCiGIGuUJIPWhj4z+tJx7P9rcxvEkWH3g9e7Ud2 dWfZzs4MHgdf1Gq/TuC5DUAk2X89Y4BNBtH+D2sxrDU7h39XCIFvWYNi5YnYzsua8jtX K5P8wPmLEbY8e6sHIf9eLipdwOFEbrBvC0TLuguAEfvZwrFIlkwjvwLVe+z9mNyQOHg+ gWkrd8v0ydkoCym4gscwvviKdzVtFFM5sBTYHHCz1q/c7nXnVeO8zQZ2vZiiu8QFOS04 I4ahMis/RakmJPTrbz4lH8HSW5M9nTtVssSWW88U9V3iYd8ANbgkwoGZKzXKP3hT3Vo3 49uA==
- In-reply-to: <c4dab8cf-66b8-0873-f6a9-9c59a551a155@symas.com>
- References: <c4dab8cf-66b8-0873-f6a9-9c59a551a155@symas.com>
Hi,
> I've recently added support for page-level encryption to LMDB 1.x
> using user-supplied callbacks
That does sound cool. :)
> One question is whether we should actually make this pluggable like
> this, or
> we should just hardcode support for a specific algorithm and leave it
> at that.
I vote on keeping it pluggable, so every crypograpy nut out there can
use their favourite mechanism.
> One
> complication is that if the algorithm is actually user-selectable, we
> need to
> dynamically adjust DB page layouts to accommodate different nonce/IV
> and
> signature sizes. (Currently MDB_page metadata is a statically
> defined
> structure. A dynamic size element here will make processing slower.)
What if page size would still be static, but that static size would be
user-defined on a per-environment basis?
Question: will this affect performance on non-encrypted databases?
Cheers,
Timur