I've give up: i've found a slide in percona site about pgcrypto that said the developers of plugin intentionally introduces time consuming code to prevent brute force attacks.
My queries involves pgcrypto only in a small number of record (about 2000), so at the end the execution time remains the same....sadly.
Now my hopes are now in TDE. Hope to see that feature in PostgrSQL soon.
Many thanks again for support to all!
Have a nice day,
Agharta
Il sab 7 gen 2023, 03:13 Bruce Momjian <bruce@momjian.us> ha scritto:
On Mon, Jan 2, 2023 at 05:57:38PM +0100, agharta82@gmail.com wrote: > So, a test with pgcrypto: > > select pgp_sym_encrypt(data::text, 'pwd') --default to aes128 > from generate_series('2022-01-01'::timestamp, '2022-12-31'::timestamp, '1 > hour'::interval) data > > vs > > select pgp_sym_encrypt(data::text, 'pwd','cipher-algo=bf') -- blowfish > from generate_series('2022-01-01'::timestamp, '2022-12-31'::timestamp, '1 > hour'::interval) data
To see the difference, I think you need to construct a single large query that calls many pgcrypto functions, with a small return result, so the network, parsing, and optimizer overhead are minimal compared to the OpenSSL overhread.
