Authentication with geom_eli
Allan Fields
afields at ncf.ca
Wed Jan 16 17:52:20 PST 2008
On 16-Jan-08, at 2:31 PM, Ivan Voras wrote:
> Cyrus Rahman wrote:
>
>> With this in mind, the addition of a less expensive authentication
>> algorithm, say a CRC, which would provide still provide a check on
>> the
>> channel between geom_eli and the physical disk sectors without the
>> overhead of md5 or sha256, would be extremely useful.
>
> I think this discussion was held in relation with ZFS (which by
> default does strong hashing of ALL data ALWAYS) and that somebody
> concluded from experiments that, given the difference in speed
> between modern CPUs and modern drives, there wasn't much difference
> between using CRC32 and using a strong hash.
>
> Of course, on slower / embedded devices the situation is much
> different.
Mind you perhaps this is best implemented as a separate GEOM class
all-together. I have had difficulty getting the GELI SHA and MD5
hashing to perform as expected, though it initializes with-out
error. Perhaps this works in a new release, I will verify, if not
I'll file pr.
Thanks,
Allan Fields <afields at ncf.ca>
More information about the freebsd-geom
mailing list