> Could also explain why you choose CCM over GCM as the default? GCM > sounds like a better choice from performance and security perspective, > so this is a bit surprising to me.
I chose CCM as the default because GCM has recently been the subject of a couple of papers that point out potential vulnerabilities. These are not completely damning and nobody has been able to disprove the security of GCM, but in light of this work I made CCM the default. See http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/CWC-GCM/Ferguson2.pdf for details. That said, we do use the full 128 bit tag length which significantly reduces the threat of these vulnerabilities. It is also important to note that encryption=on is simply an alias for "let the current zfs version pick an encryption suite for me." Once the dataset is created the encryption property will take on the default value. This makes it easy to change if needed (simply update the ZIO_CRYPT_ON_VALUE macro and update the docs) since the "on" value should never actually be used on-disk. This will be important in the future as new algorithms are created and existing ones are broken. ------------------------------------------- openzfs-developer Archives: https://www.listbox.com/member/archive/274414/=now RSS Feed: https://www.listbox.com/member/archive/rss/274414/28015062-cce53afa Modify Your Subscription: https://www.listbox.com/member/?member_id=28015062&id_secret=28015062-f966d51c Powered by Listbox: http://www.listbox.com
