| From: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: FPW compression leaks information |
| Date: | 2015-04-13 00:38:32 |
| Message-ID: | 552B1008.8020007@iki.fi |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 04/10/2015 05:17 AM, Robert Haas wrote:
> On Apr 9, 2015, at 8:51 PM, Heikki Linnakangas <hlinnaka(at)iki(dot)fi> wrote:
>> What should we do about this?
>
> I bet that there are at least 1000 covert channel attacks that are more practically exploitable than this.
Care to name some? This is certainly quite cumbersome to exploit, but
it's doable.
We've talked a lot about covert channels and timing attacks on RLS, but
this makes me more worried because you can attack passwords stored in
pg_authid.
- Heikki
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Paquier | 2015-04-13 00:48:35 | Re: FPW compression leaks information |
| Previous Message | Alvaro Herrera | 2015-04-13 00:00:38 | Re: moving from contrib to bin |