On Wed, Oct 3, 2012 at 7:41 AM, David McGrew (mcgrew) <[email protected]> wrote:
> Are the requirements for the security of ZFS and the use of cryptography
> in that filesystem documented anywhere?
> <https://blogs.oracle.com/bonwick/entry/zfs_end_to_end_data> mentions a
> Merkle tree of checksums, where the checksum function can be either
> Fletcher or SHA-256. A collision-resistant hash of an entire system is
> indispensable if asymmetric authentication is needed, but are there common
> scenarios where that is needed? If encryption is used in ZFS, then there
> is necessarily a symmetric encryption key that is being managed; why not
> use symmetric message authentication as well, and take advantage of the
> performance gain?

Encrypted ZFS has a requirement that it must be possible to check pool
integrity without having access to the keys. This means that even if
encrypted ZFS used MACs (it does) it still needs to hash ciphertext in a
Merkle hash tree fashion for the purpose of un-keyed integrity checking.
Since a MAC is also used I think one could argue that the hash function
needn't be all that strong: it's primarily needed for error detection.

Nico
--
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
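
A simplified model of the arrangement described in the reply above, added here as an illustration and not taken from ZFS or from the thread: an un-keyed SHA-256 Merkle tree over ciphertext lets a key-less scrub detect errors, while a per-block MAC still separates corruption from authenticated data. The function names, the flat block list, and the sample key and blocks are assumptions constructed for this example; ZFS's on-disk format differs.

```python
import hashlib
import hmac

def leaf_hashes(ciphertexts):
    return [hashlib.sha256(c).digest() for c in ciphertexts]

def merkle_root(leaves):
    """Un-keyed SHA-256 Merkle root; an odd trailing node is carried up as-is."""
    level = list(leaves)
    while len(level) > 1:
        nxt = [hashlib.sha256(level[i] + level[i + 1]).digest()
               for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])
        level = nxt
    return level[0]

def tag(mac_key, index, ciphertext):
    """Keyed MAC over the block index and the ciphertext."""
    msg = index.to_bytes(8, "big") + ciphertext
    return hmac.new(mac_key, msg, hashlib.sha256).digest()

def scrub(ciphertexts, root):
    """Key-less integrity check: recompute the hash tree over ciphertext."""
    return merkle_root(leaf_hashes(ciphertexts)) == root

def authenticate(ciphertexts, tags, mac_key):
    """Keyed check: indexes of blocks whose MAC tag does not verify."""
    return [i for i, (c, t) in enumerate(zip(ciphertexts, tags))
            if not hmac.compare_digest(tag(mac_key, i, c), t)]

# Constructed sample data: stand-ins for encrypted blocks and a MAC key.
KEY = bytes(range(32))
BLOCKS = [hashlib.sha256(b"block-%d" % n).digest() * 4 for n in range(5)]
TAGS = [tag(KEY, i, c) for i, c in enumerate(BLOCKS)]
ROOT = merkle_root(leaf_hashes(BLOCKS))

def demo():
    flipped = list(BLOCKS)
    flipped[2] = bytes([flipped[2][0] ^ 1]) + flipped[2][1:]  # one-bit error
    rebuilt_root = merkle_root(leaf_hashes(flipped))  # tree redone without KEY
    return {
        "clean_scrub": scrub(BLOCKS, ROOT),
        "error_scrub": scrub(flipped, ROOT),
        "rebuilt_scrub": scrub(flipped, rebuilt_root),
        "rebuilt_mac_failures": authenticate(flipped, TAGS, KEY),
    }

if __name__ == "__main__":
    print(demo())
```

The last two results show the division of labour: a tree recomputed without the key passes the un-keyed scrub, and only the MAC check flags the altered block.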
