[Date Prev][Date Next]
Re: LMDB encryption support
- To: Howard Chu <firstname.lastname@example.org>, "OpenLDAPemail@example.com" <OpenLDAPfirstname.lastname@example.org>
- Subject: Re: LMDB encryption support
- From: Timur Kristóf <email@example.com>
- Date: Thu, 10 Aug 2017 20:11:32 +0200
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=message-id:subject:from:to:date:in-reply-to:references:mime-version :content-transfer-encoding; bh=SZYk+AEO4/zgQa8f7z1cXy3kKf3lTzmWqyTc/TbcT+Y=; b=TrFQ8Uds8y/CwwgUmVBD/c/fpUrXCiGIGuUJIPWhj4z+tJx7P9rcxvEkWH3g9e7Ud2 dWfZzs4MHgdf1Gq/TuC5DUAk2X89Y4BNBtH+D2sxrDU7h39XCIFvWYNi5YnYzsua8jtX K5P8wPmLEbY8e6sHIf9eLipdwOFEbrBvC0TLuguAEfvZwrFIlkwjvwLVe+z9mNyQOHg+ gWkrd8v0ydkoCym4gscwvviKdzVtFFM5sBTYHHCz1q/c7nXnVeO8zQZ2vZiiu8QFOS04 I4ahMis/RakmJPTrbz4lH8HSW5M9nTtVssSWW88U9V3iYd8ANbgkwoGZKzXKP3hT3Vo3 49uA==
- In-reply-to: <firstname.lastname@example.org>
- References: <email@example.com>
> I've recently added support for page-level encryption to LMDB 1.x
> using user-supplied callbacks
That does sound cool. :)
> One question is whether we should actually make this pluggable like
> this, or
> we should just hardcode support for a specific algorithm and leave it
> at that.
I vote on keeping it pluggable, so every crypograpy nut out there can
use their favourite mechanism.
> complication is that if the algorithm is actually user-selectable, we
> need to
> dynamically adjust DB page layouts to accommodate different nonce/IV
> signature sizes. (Currently MDB_page metadata is a statically
> structure. A dynamic size element here will make processing slower.)
What if page size would still be static, but that static size would be
user-defined on a per-environment basis?
Question: will this affect performance on non-encrypted databases?