From: "Austin S. Hemmelgarn" <ahferroin7@gmail.com>
To: Leonid Bloch <lbloch@janustech.com>,
"linux-btrfs@vger.kernel.org" <linux-btrfs@vger.kernel.org>
Cc: "bo.li.liu@oracle.com" <bo.li.liu@oracle.com>
Subject: Re: Cryptographically verifying a btrfs subvolume
Date: Mon, 8 Apr 2019 08:44:03 -0400 [thread overview]
Message-ID: <25abc057-4ff8-5a73-ee4b-0afda4fab16d@gmail.com> (raw)
In-Reply-To: <adac7db8-aed6-9573-ec09-4acd5059801e@janustech.com>
On 2019-04-08 07:27, Leonid Bloch wrote:
> Hi List,
>
> Can you suggest a way of cryptographically verifying the content of a
> btrfs subvolume, besides the naïve approach, of running a cryptographic
> hash function on the output of btrfs send?
Running BTRFS on top of dm-integrity and dm-crypt with them set up to
provide AEAD-style encryption comes to mind as an option, and would
actually provide a much higher level of verification than just verifying
the content of a subvolume (it will verify the entire filesystem).
>
> Back in 2014, an RFC patch was sent to allow using sha256 instead of
> crc32c for checksumming.
> (https://patchwork.kernel.org/patch/5363311)
> It was not merged. Had it been merged, one could just check the return
> value of btrfs scrub, instead of checksumming the whole btrfs send
> output, correct?
In theory yes, provided you just want hashes and not an HMAC.
next prev parent reply other threads:[~2019-04-08 12:44 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-08 11:27 Cryptographically verifying a btrfs subvolume Leonid Bloch
2019-04-08 12:44 ` Austin S. Hemmelgarn [this message]
2019-04-08 13:30 ` Leonid Bloch
2019-04-08 14:22 ` Austin S. Hemmelgarn
2019-04-08 13:10 ` Johannes Thumshirn
2019-04-08 13:49 ` Leonid Bloch
2019-04-08 13:55 ` Johannes Thumshirn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=25abc057-4ff8-5a73-ee4b-0afda4fab16d@gmail.com \
--to=ahferroin7@gmail.com \
--cc=bo.li.liu@oracle.com \
--cc=lbloch@janustech.com \
--cc=linux-btrfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).