From: Gregory Maxwell <gmaxwell@gmail.com>
To: "Valdis.Kletnieks@vt.edu" <Valdis.Kletnieks@vt.edu>
Cc: reiserfs-list@namesys.com
Subject: Re: Plugin for corruption resistance?
Date: Fri, 18 Feb 2005 08:36:51 -0500 [thread overview]
Message-ID: <e692861c0502180536270fcee2@mail.gmail.com> (raw)
In-Reply-To: <200502180428.j1I4S92I019716@turing-police.cc.vt.edu>
On Thu, 17 Feb 2005 23:28:09 -0500, Valdis.Kletnieks@vt.edu
<Valdis.Kletnieks@vt.edu> wrote:
> On the flip side, hash functions like MD5 or the SHA family are fairly bulletproof,
> but are essentially impossible to develop an incremental update for (if there
> existed a fast incremental update for the hash function, that would imply a
> very low preimage resistance, rendering it useless as a cryptographic hash).
Tree hashes.
Divide the file into blocks of N bytes. Compute size/N hashes.
Group hashes into pairs. Compute N/2 N' hashes, this is fast because
hashes are small. Group N' hashes into pairs compute N'/2 N'' hashes
etc.. Reduce to a single hash.
A number of useful tradeoffs are possible: By enlarging N you improve
the strength along various cryptographic dimensions. By changing the
fanout, and deciding how many N your store, which N you store, which
N' you store, etc you decide how easy it is to update the hash and you
decide what the smallest increment you can test is... you trade off
storage (and a little computation) for this ease.
> Also, there's another issue - unlike standard ECC codes that can actually *fix*
> the problem (for at least small number of bit errors), it's unclear what you should
> do if you find a mismatch between the hash of a block and the block contents, as
> you don't know whether it's the actual data or the hash that's corrupted....
In my initial suggestion I offered that hashes could be verified by a
userspace daemon, or by fsck (since it's an expensive operation)...
Such policy could be controlled in the daemon.
In most cases I'd like it to make the file inaccessible until I go and
fix it by hand.
It would also be useful to have the checker daemon watch the logs (or
recieve notifications through some kernel interface)... and any block
level errors (or smartd errors) backprojected up (through raid and lvm
remappings) to the file system level ... After identifying the
potentially corrupted file, it could then test the file. If the file
has been corrupted, the configured action is taken.
If this policy is in userspace, the level of action sopication could
be very high: for example, if I was on a distribution with package
management, and the file was outside of /home, and the package flags
didn't indicate it was a config file.. then go fetch the package, and
replace the file and send me an email so I don't forget how wonderful
my OS is. :)
next prev parent reply other threads:[~2005-02-18 13:36 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-02-11 18:58 Plugin for corruption resistance? Gregory Maxwell
2005-02-11 20:39 ` Jake Maciejewski
2005-02-11 20:53 ` Tom Vier
2005-02-12 5:19 ` David Masover
2005-02-13 3:48 ` Esben Stien
2005-02-14 2:01 ` Reiser 4 Apple Michael James
2005-02-14 18:49 ` Hans Reiser
2005-02-14 17:45 ` Plugin for corruption resistance? Hans Reiser
2005-02-15 20:42 ` Adam
2005-02-17 4:10 ` David Masover
2005-02-17 10:53 ` Christian Iversen
2005-02-18 3:43 ` David Masover
2005-02-18 4:28 ` Valdis.Kletnieks
2005-02-18 13:36 ` Gregory Maxwell [this message]
2005-02-18 22:09 ` Valdis.Kletnieks
2005-02-19 3:28 ` Gregory Maxwell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e692861c0502180536270fcee2@mail.gmail.com \
--to=gmaxwell@gmail.com \
--cc=Valdis.Kletnieks@vt.edu \
--cc=reiserfs-list@namesys.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.