Nicolas Williams wrote: > On Tue, Nov 03, 2009 at 07:28:15PM +0000, Darren J Moffat wrote: >> Nicolas Williams wrote: >>> Interesting. If ZFS could make sure no blocks exist in a pool from more >>> than 2^64-1 transactions ago[*], then the txg + a 32-bit per-transaction >>> block write counter would suffice. That way Darren would have to store >>> just 32 bits of the IV. That way he'd have 352 bits to work with, and >>> then it'd be possible to have a 128-bit authentication tag and a 224-bit >>> hash. >> >> The logical txg (post dedup integration we have physical and logical >> transaction ids) + a 32 bit counter is interesting. It was actually my >> very first design for IV's several years ago! [...] >> I suspect that sometime in the next 584,542 years the block pointer size >> for ZFS will increase and I'll have more space to store a bigger MAC, >> hash and IV. In fact I guess that will happen even in the next 50 years. > > Heh. txg + 32-bit counter == 96-bit IVs sounds like the way to go.
I'm confused. How does this allow you to do block-level deduplication, given that the IV (and hence the ciphertext) will be different for every block even when the plaintext is the same? -- David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com
Description: OpenPGP digital signature