ZFS + GELI data integrity
Andriy Bakay
andriy at irbisnet.com
Thu Sep 16 19:22:31 UTC 2010
Hi list(s),
I am using ZFS on top of GELI. Does exists any practical reason to enable
GELI data authentication (data integrity) underneath of ZFS? I understand
GELI data integrity is cryptographically strong -- up to HMAC/SHA512, but
ZFS has SHA256 checksum. GELI linked data to sector and will detect if
somebody move data around, but my understanding is to move data around
consistently one need to decrypt it which is very difficult. Correct me if
I wrong.
Any thoughts?
Thanks,
Andriy
More information about the freebsd-fs
mailing list