Timur Kristóf wrote:
Hi,
I've recently added support for page-level encryption to LMDB 1.x using user-supplied callbacks
That does sound cool. :)
One question is whether we should actually make this pluggable like this, or we should just hardcode support for a specific algorithm and leave it at that.
I vote on keeping it pluggable, so every crypograpy nut out there can use their favourite mechanism.
Yeah, that's still my inclination as well. And yes, there's a reference chacha20 implementation already, which I've been using for testing.
One complication is that if the algorithm is actually user-selectable, we need to dynamically adjust DB page layouts to accommodate different nonce/IV and signature sizes. (Currently MDB_page metadata is a statically defined structure. A dynamic size element here will make processing slower.)
What if page size would still be static, but that static size would be user-defined on a per-environment basis?
We sort of support that already, allowing page sizes larger than the OS pagesize to be used. So I guess it's not too big of a change.
Question: will this affect performance on non-encrypted databases?
Ideally, not. ;) It's a bit early to tell.
Anyway, the API I originally quoted needs to be tweaked to accomodate the authentication signature support so this is all still in flux.
-
Howard Chu