Linux-Fsdevel Archive on lore.kernel.org
help / color / mirror / Atom feed
From: Johannes Thumshirn <Johannes.Thumshirn@wdc.com>
To: "dsterba@suse.cz" <dsterba@suse.cz>
Cc: Johannes Thumshirn <jth@kernel.org>,
"linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>,
"linux-btrfs@vger.kernel.org" <linux-btrfs@vger.kernel.org>,
Eric Biggers <ebiggers@google.com>,
Richard Weinberger <richard@nod.at>
Subject: Re: [PATCH v3 0/3] Add file-system authentication to BTRFS
Date: Tue, 26 May 2020 12:44:28 +0000 [thread overview]
Message-ID: <SN4PR0401MB35987BC70887DA064136F82A9BB00@SN4PR0401MB3598.namprd04.prod.outlook.com> (raw)
In-Reply-To: <20200526115300.GY18421@twin.jikos.cz>
On 26/05/2020 13:54, David Sterba wrote:
> On Tue, May 26, 2020 at 07:50:53AM +0000, Johannes Thumshirn wrote:
>> On 25/05/2020 15:11, David Sterba wrote:
>>> On Thu, May 14, 2020 at 11:24:12AM +0200, Johannes Thumshirn wrote:
>>> As mentioned in the discussion under LWN article, https://lwn.net/Articles/818842/
>>> ZFS implements split hash where one half is (partial) authenticated hash
>>> and the other half is a checksum. This allows to have at least some sort
>>> of verification when the auth key is not available. This applies to the
>>> fixed size checksum area of metadata blocks, for data we can afford to
>>> store both hashes in full.
>>>
>>> I like this idea, however it brings interesting design decisions, "what
>>> if" and corner cases:
>>>
>>> - what hashes to use for the plain checksum, and thus what's the split
>>> - what if one hash matches and the other not
>>> - increased checksum calculation time due to doubled block read
>>> - whether to store the same parital hash+checksum for data too
>>>
>>> As the authenticated hash is the main usecase, I'd reserve most of the
>>> 32 byte buffer to it and use a weak hash for checksum: 24 bytes for HMAC
>>> and 8 bytes for checksum. As an example: sha256+xxhash or
>>> blake2b+xxhash.
>>>
>>> I'd outright skip crc32c for the checksum so we have only small number
>>> of authenticated checksums and avoid too many options, eg.
>>> hmac-sha256-crc32c etc. The result will be still 2 authenticated hashes
>>> with the added checksum hardcoded to xxhash.
>>
>> Hmm I'm really not a fan of this. We would have to use something like
>> sha2-224 to get the room for the 2nd checksum. So we're using a weaker
>> hash just so we can add a second checksum.
>
> The idea is to calculate full hash (32 bytes) and store only the part
> (24 bytes). Yes this means there's some information loss and weakening,
> but enables a usecase.
I'm not enough a security expert to be able to judge this. Eric can I hear
your opinion on this?
Thanks,
Johannes
next prev parent reply other threads:[~2020-05-26 12:44 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-14 9:24 Johannes Thumshirn
2020-05-14 9:24 ` [PATCH v3 1/3] btrfs: rename btrfs_parse_device_options back to btrfs_parse_early_options Johannes Thumshirn
2020-05-14 9:24 ` [PATCH v3 2/3] btrfs: add authentication support Johannes Thumshirn
2020-05-27 13:24 ` David Sterba
2020-05-27 13:54 ` Johannes Thumshirn
2020-05-27 14:01 ` Johannes Thumshirn
2020-05-27 18:04 ` Johannes Thumshirn
2020-06-01 14:30 ` David Sterba
2020-06-01 14:35 ` David Sterba
2020-05-14 9:24 ` [PATCH v3 3/3] btrfs: document btrfs authentication Johannes Thumshirn
2020-05-14 12:26 ` Jonathan Corbet
2020-05-14 14:54 ` Johannes Thumshirn
2020-05-14 15:14 ` Richard Weinberger
2020-05-14 16:00 ` Jonathan Corbet
2020-05-14 16:05 ` Richard Weinberger
2020-05-24 19:55 ` David Sterba
2020-05-25 10:57 ` Johannes Thumshirn
2020-05-25 11:26 ` David Sterba
2020-05-25 11:44 ` Johannes Thumshirn
2020-05-25 13:10 ` [PATCH v3 0/3] Add file-system authentication to BTRFS David Sterba
2020-05-26 7:50 ` Johannes Thumshirn
2020-05-26 11:53 ` David Sterba
2020-05-26 12:44 ` Johannes Thumshirn [this message]
2020-06-01 14:59 ` David Sterba
2020-05-27 2:08 ` Qu Wenruo
2020-05-27 11:27 ` David Sterba
2020-05-27 11:58 ` Qu Wenruo
2020-05-27 13:11 ` David Sterba
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=SN4PR0401MB35987BC70887DA064136F82A9BB00@SN4PR0401MB3598.namprd04.prod.outlook.com \
--to=johannes.thumshirn@wdc.com \
--cc=dsterba@suse.cz \
--cc=ebiggers@google.com \
--cc=jth@kernel.org \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=richard@nod.at \
--subject='Re: [PATCH v3 0/3] Add file-system authentication to BTRFS' \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).