From: Alex Elsayed <eternaleye@gmail.com>
To: linux-btrfs@vger.kernel.org
Subject: Re: [RFC PATCH] Btrfs: add sha256 checksum option
Date: Mon, 01 Dec 2014 16:43:27 -0800 [thread overview]
Message-ID: <m5j1vf$et2$1@ger.gmane.org> (raw)
In-Reply-To: 1417480114.12583.2.camel@scientia.net
Christoph Anton Mitterer wrote:
> On Sat, 2014-11-29 at 13:00 -0800, John Williams wrote:
>> On Sat, Nov 29, 2014 at 12:38 PM, Alex Elsayed <eternaleye@gmail.com>
>> wrote:
>> > Why not just use the kernel crypto API? Then the user can just specify
>> > any hash the kernel supports.
>>
>> One reason is that crytographic hashes are an order of magnitude
>> slower than the fastest non-cryptographic hashes. And for filesystem
>> checksums, I do not see a need for crypotgraphic hashes.
>
> I'm not that crypto expert, but wouldn't the combination of a
> cryptographic hash, in combination with e.g. dm-crypt below the
> filesystem give us what dm-crypt alone cannot really give us
> (authenticated integrity)?
>
> Would that combination of hash+encrypt basically work like a MAC?
Sadly, no. Partially because in order for an encrypted hash to be a secure
MAC, the encryption must be nonmalleable, which would require CMC or EME -
encryption modes which Linux does not presently support as I understand it.
There are other issues as well, including that MAC-then-encrypt is fragile
against a number of attacks, mainly in the padding-oracle category (See: TLS
BEAST attack).
AEAD modes are also nonmalleable, but as they are length-expanding they
cannot be used for LUKS. However, as eCryptFS and possibly the recent ext4
encryption work shows, using them at a higher-level (encrypting extents or
files) does work. Of course, if you're using an AEAD mode in the filesystem
anyway, just use it directly and have done with it.
next prev parent reply other threads:[~2014-12-02 0:43 UTC|newest]
Thread overview: 67+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-11-24 5:23 [RFC PATCH] Btrfs: add sha256 checksum option Liu Bo
2014-11-24 5:23 ` [RFC PATCH] Btrfs-progs: support sha256 checksum algorithm Liu Bo
2014-11-24 8:23 ` [RFC PATCH] Btrfs: add sha256 checksum option Holger Hoffstätte
2014-11-24 18:55 ` Duncan
2014-11-24 19:34 ` John Williams
2014-11-25 10:30 ` Liu Bo
2014-11-25 10:52 ` Daniel Cegiełka
2014-11-25 23:17 ` John Williams
2014-11-26 12:50 ` Holger Hoffstätte
2014-11-26 17:53 ` John Williams
2014-11-25 10:28 ` Liu Bo
2014-11-24 20:07 ` Chris Mason
2014-11-24 20:58 ` Hugo Mills
2014-11-25 3:04 ` Qu Wenruo
2014-11-25 5:13 ` Zygo Blaxell
2014-11-25 11:30 ` Liu Bo
2014-11-26 13:36 ` Brendan Hide
2014-11-25 16:47 ` David Sterba
2014-11-25 19:45 ` Bardur Arantsson
2014-11-26 13:38 ` Brendan Hide
2014-11-26 13:58 ` Austin S Hemmelgarn
2014-12-01 18:37 ` David Sterba
2014-12-01 20:35 ` Austin S Hemmelgarn
2014-12-01 20:51 ` John Williams
2014-12-01 23:23 ` Alex Elsayed
2014-12-15 18:47 ` David Sterba
2014-11-25 16:39 ` David Sterba
2014-11-27 3:52 ` Liu Bo
2014-12-01 18:51 ` David Sterba
2014-11-29 20:38 ` Alex Elsayed
2014-11-29 21:00 ` John Williams
2014-11-29 21:07 ` Alex Elsayed
2014-11-29 21:21 ` John Williams
2014-11-29 21:27 ` Alex Elsayed
2014-12-01 12:39 ` Austin S Hemmelgarn
2014-12-01 17:22 ` John Williams
2014-12-01 17:42 ` Austin S Hemmelgarn
2014-12-01 17:49 ` John Williams
2014-12-01 19:28 ` Alex Elsayed
2014-12-01 19:34 ` Alex Elsayed
2014-12-01 20:26 ` Austin S Hemmelgarn
2014-12-01 19:58 ` John Williams
2014-12-01 20:04 ` Alex Elsayed
2014-12-01 20:08 ` Alex Elsayed
2014-12-01 20:46 ` John Williams
2014-12-01 22:56 ` Alex Elsayed
2014-12-01 23:05 ` Alex Elsayed
2014-12-01 23:37 ` John Williams
2014-12-01 23:46 ` Alex Elsayed
2014-12-02 0:03 ` John Williams
2014-12-02 0:15 ` Alex Elsayed
2014-12-02 0:30 ` John Williams
2014-12-02 0:34 ` Alex Elsayed
2014-12-02 0:11 ` John Williams
2014-12-01 23:48 ` John Williams
2014-12-02 0:06 ` Alex Elsayed
2014-12-02 0:10 ` Alex Elsayed
2014-12-02 0:16 ` John Williams
2014-12-02 0:28 ` Christoph Anton Mitterer
2014-12-02 0:43 ` Alex Elsayed [this message]
2014-12-02 0:53 ` Christoph Anton Mitterer
2014-12-02 1:25 ` Alex Elsayed
2014-12-02 1:32 ` Alex Elsayed
2014-11-30 22:51 ` Christoph Anton Mitterer
2014-11-30 22:59 ` Christoph Anton Mitterer
2014-11-30 23:05 ` Dimitri John Ledkov
2014-12-01 2:55 ` Christoph Anton Mitterer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='m5j1vf$et2$1@ger.gmane.org' \
--to=eternaleye@gmail.com \
--cc=linux-btrfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).