[cryptography] ZFS dedup? hashes (Re: [zfs] SHA-3 winner announced)

Eugen Leitl eugen at leitl.org
Thu Oct 4 09:22:19 EDT 2012


----- Forwarded message from Sašo Kiselkov <skiselkov.ml at gmail.com> -----

From: Sašo Kiselkov <skiselkov.ml at gmail.com>
Date: Thu, 04 Oct 2012 15:19:59 +0200
To: zfs at lists.illumos.org
CC: Eugen Leitl <eugen at leitl.org>
Subject: Re: [cryptography] ZFS dedup? hashes (Re: [zfs] SHA-3 winner
	announced)
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:7.0.1) Gecko/20110929
	Thunderbird/7.0.1
Reply-To: zfs at lists.illumos.org

On 10/04/2012 02:41 PM, Eugen Leitl wrote:
> ----- Forwarded message from "David McGrew (mcgrew)" <mcgrew at cisco.com> -----
> 
> From: "David McGrew (mcgrew)" <mcgrew at cisco.com>
> Date: Thu, 4 Oct 2012 12:19:55 +0000
> To: Eugen Leitl <eugen at leitl.org>,
> 	"cryptography at randombit.net" <cryptography at randombit.net>
> Subject: Re: [cryptography] ZFS dedup? hashes (Re: [zfs] SHA-3 winner
> 	announced)
> user-agent: Microsoft-MacOutlook/14.2.1.120420
> 
> It would be redundant to use HMAC-SHA256 in conjunction with authenticated
> encryption modes like those mentioned on the Oracle webpage that I
> mentioned (AES-GCM and AES-CCM).    Perhaps what you meant to say is that
> when those modes are used, that SHA256 is used as the ZFS data-integrity
> checksum?   Or is it the case that the data-integrity checksum can use a
> keyed message authentication code?
> 
>> If we get around to implementing
>> encryption in Illumos, we would most likely go the same route. Thanks
>> for your insights, though, they are certainly valuable.
> 
> Is there any public specification for how cryptography is used in either
> the Sun/Oracle version or the Illumos version of ZFS?

I'm not really sure how Oracle implemented their stuff in detail. I know
that they use the block-level checksum to also authenticate the data,
but then they also say that you can perform a block validation even if
you don't have the encryption key. Best talk to Oracle about the details
on that.

Illumos' ZFS doesn't have encryption, so block authentication isn't
important for us.

Cheers,
--
Saso


-------------------------------------------
illumos-zfs
Archives: https://www.listbox.com/member/archive/182191/=now
RSS Feed: https://www.listbox.com/member/archive/rss/182191/22842876-6fe17e6f
Modify Your Subscription: https://www.listbox.com/member/?member_id=22842876&id_secret=22842876-a25d3366
Powered by Listbox: http://www.listbox.com

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE



More information about the cryptography mailing list