linux-btrfs.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Austin S Hemmelgarn <ahferroin7@gmail.com>
To: John Williams <jwilliams4200@gmail.com>
Cc: Btrfs BTRFS <linux-btrfs@vger.kernel.org>
Subject: Re: [RFC PATCH] Btrfs: add sha256 checksum option
Date: Mon, 01 Dec 2014 12:42:08 -0500	[thread overview]
Message-ID: <547CA870.9040904@gmail.com> (raw)
In-Reply-To: <CAJBj3vfvBd5robRak1j-q0qGVT46BTR6VM=SRg5S-2p8GxjX6A@mail.gmail.com>

[-- Attachment #1: Type: text/plain, Size: 3088 bytes --]

On 2014-12-01 12:22, John Williams wrote:
> On Mon, Dec 1, 2014 at 4:39 AM, Austin S Hemmelgarn
> <ahferroin7@gmail.com> wrote:
>
>> Just because it's a filesystem doesn't always mean that speed is the most
>> important thing.  Personally, I can think of multiple cases where using a
>> cryptographically strong hash would be preferable, for example:
>>   * On an fs used solely for backup purposes
>>   * On a fs used for /boot
>>   * On an fs spread across a very large near-line disk array and mounted
>>     by a system with a powerful CPU
>>   * Almost any other case where data integrity is more important than
>>     speed
>
> What does data integrity have to do with whether the hash is
> cryptographic or not? The primary difference between a cryptographic
> and non-cryptographic hash is that the non-cryptographic hash can be
> easily guessed / predicted (eg., an attack to deliberately create
> collisions) whereas the cryptographic hash cannot (given reasonable
> assumptions of CPU power).
>
> For filesystem checksums it is difficult to imagine a deliberate
> attack on the checksums. Consequently, the only really important
> quality for the hash besides speed is collision resistance. The
> non-crypto hashes that I have mentioned in this thread have excellent
> collision resistant properties.
I'm not saying they don't have excellent collision resistance 
properties.  I'm also not saying that we shouldn't support such 
non-cryptographic hashes, just that we shouldn't explicitly NOT support 
other hashes, and that if we are going to support more than one hash 
algorithm, we should use the infrastructure already in place in the 
kernel for such things because it greatly simplifies maintaining the code.

In fact, if I had the time, I'd just write CryptoAPI implementations of 
those hashes myself.
>
>> The biggest reason to use the in-kernel Crypto API though, is that it gives
>> a huge amount of flexibility, and provides pretty much transparent
>> substitution of CPU optimized versions of the exported hash functions (for
>> example, you don't have to know whether or not your processor supports
>> Intel's CRC32 ISA extensions).
>
> Which is worse than useless if the CPU-optimized crypto hash is slower
> than the default non-crypto hash, and that will almost always be the
> case. Besides, there is nothing magic happening in the Crypto API
> library. If you implement your own hash, you can easily do a few
> checks and choose the best code for the CPU.
>
Except most of the CPU optimized hashes aren't crypto hashes (other than 
the various SHA implementations).  Furthermore, I've actually tested the 
speed of a generic CRC32c implementation versus SHA-1 using the SHA 
instructions on an UltraSPARC processor, and the difference ammounts to 
a few microseconds in _favor_ of the optimized crypto hash; and I've run 
the math for every other ISA that has instructions for computing SHA 
hashes (I don't have the hardware for any of the others), and expect 
similar results for those as well.



[-- Attachment #2: S/MIME Cryptographic Signature --]
[-- Type: application/pkcs7-signature, Size: 2455 bytes --]

  reply	other threads:[~2014-12-01 17:42 UTC|newest]

Thread overview: 67+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-11-24  5:23 [RFC PATCH] Btrfs: add sha256 checksum option Liu Bo
2014-11-24  5:23 ` [RFC PATCH] Btrfs-progs: support sha256 checksum algorithm Liu Bo
2014-11-24  8:23 ` [RFC PATCH] Btrfs: add sha256 checksum option Holger Hoffstätte
2014-11-24 18:55   ` Duncan
2014-11-24 19:34     ` John Williams
2014-11-25 10:30       ` Liu Bo
2014-11-25 10:52         ` Daniel Cegiełka
2014-11-25 23:17         ` John Williams
2014-11-26 12:50           ` Holger Hoffstätte
2014-11-26 17:53             ` John Williams
2014-11-25 10:28   ` Liu Bo
2014-11-24 20:07 ` Chris Mason
2014-11-24 20:58   ` Hugo Mills
2014-11-25  3:04     ` Qu Wenruo
2014-11-25  5:13     ` Zygo Blaxell
2014-11-25 11:30   ` Liu Bo
2014-11-26 13:36     ` Brendan Hide
2014-11-25 16:47   ` David Sterba
2014-11-25 19:45     ` Bardur Arantsson
2014-11-26 13:38     ` Brendan Hide
2014-11-26 13:58       ` Austin S Hemmelgarn
2014-12-01 18:37         ` David Sterba
2014-12-01 20:35           ` Austin S Hemmelgarn
2014-12-01 20:51             ` John Williams
2014-12-01 23:23               ` Alex Elsayed
2014-12-15 18:47                 ` David Sterba
2014-11-25 16:39 ` David Sterba
2014-11-27  3:52   ` Liu Bo
2014-12-01 18:51     ` David Sterba
2014-11-29 20:38   ` Alex Elsayed
2014-11-29 21:00     ` John Williams
2014-11-29 21:07       ` Alex Elsayed
2014-11-29 21:21         ` John Williams
2014-11-29 21:27           ` Alex Elsayed
2014-12-01 12:39           ` Austin S Hemmelgarn
2014-12-01 17:22             ` John Williams
2014-12-01 17:42               ` Austin S Hemmelgarn [this message]
2014-12-01 17:49                 ` John Williams
2014-12-01 19:28                   ` Alex Elsayed
2014-12-01 19:34                     ` Alex Elsayed
2014-12-01 20:26                       ` Austin S Hemmelgarn
2014-12-01 19:58                     ` John Williams
2014-12-01 20:04                       ` Alex Elsayed
2014-12-01 20:08                         ` Alex Elsayed
2014-12-01 20:46                           ` John Williams
2014-12-01 22:56                             ` Alex Elsayed
2014-12-01 23:05                             ` Alex Elsayed
2014-12-01 23:37                               ` John Williams
2014-12-01 23:46                                 ` Alex Elsayed
2014-12-02  0:03                                   ` John Williams
2014-12-02  0:15                                     ` Alex Elsayed
2014-12-02  0:30                                       ` John Williams
2014-12-02  0:34                                         ` Alex Elsayed
2014-12-02  0:11                                   ` John Williams
2014-12-01 23:48                               ` John Williams
2014-12-02  0:06                                 ` Alex Elsayed
2014-12-02  0:10                                   ` Alex Elsayed
2014-12-02  0:16                                   ` John Williams
2014-12-02  0:28       ` Christoph Anton Mitterer
2014-12-02  0:43         ` Alex Elsayed
2014-12-02  0:53           ` Christoph Anton Mitterer
2014-12-02  1:25             ` Alex Elsayed
2014-12-02  1:32               ` Alex Elsayed
2014-11-30 22:51     ` Christoph Anton Mitterer
2014-11-30 22:59     ` Christoph Anton Mitterer
2014-11-30 23:05       ` Dimitri John Ledkov
2014-12-01  2:55         ` Christoph Anton Mitterer

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=547CA870.9040904@gmail.com \
    --to=ahferroin7@gmail.com \
    --cc=jwilliams4200@gmail.com \
    --cc=linux-btrfs@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).