This is exactly the issue for me.  It's vital to always have verify on.  If you 
don't have the data to prove that every possible block combination hashes 
uniquely for the "small" bit space we are talking about, then how in the 
world can you say that "verify" is not necessary?  That just seems ridiculous 
to propose.

Gregg Wonderly

On Jul 11, 2012, at 9:22 AM, Bob Friesenhahn wrote:

> On Wed, 11 Jul 2012, Sašo Kiselkov wrote:
>> the hash isn't used for security purposes. We only need something that's
>> fast and has a good pseudo-random output distribution. That's why I
>> looked toward Edon-R. Even though it might have security problems in
>> itself, it's by far the fastest algorithm in the entire competition.
> If an algorithm is not 'secure' and zfs is not set to verify, doesn't that 
> mean that a knowledgeable user will be able to cause intentional data 
> corruption if deduplication is enabled?  A user with very little privilege 
> might be able to cause intentional harm by writing the magic data block 
> before some other known block (which produces the same hash) is written.  
> This allows one block to substitute for another.
> It does seem that security is important because with a human element, data is 
> not necessarily random.
> Bob
> -- 
> Bob Friesenhahn
> GraphicsMagick Maintainer,    
> zfs-discuss mailing list

zfs-discuss mailing list
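
The substitution scenario raised in the quoted message, and the effect of verify on it, shown as an added example that is not part of the original thread and is not ZFS code. `DedupStore` is a hypothetical toy table, and `weak_hash` (SHA-256 truncated to 16 bits) is an assumed stand-in for a checksum whose collisions can be found.

```python
import hashlib
from itertools import count

def weak_hash(block: bytes) -> bytes:
    # Assumption: SHA-256 cut to 16 bits stands in for a checksum whose
    # collisions are findable. It is not Edon-R and not a ZFS checksum.
    return hashlib.sha256(block).digest()[:2]

def find_collision():
    # Build constructed sample blocks until two different ones share a digest.
    seen = {}
    for i in count():
        block = b"constructed block %d" % i
        digest = weak_hash(block)
        if digest in seen:
            return seen[digest], block
        seen[digest] = block

class DedupStore:
    """Hypothetical toy dedup table, not ZFS's implementation."""
    def __init__(self, verify: bool):
        self.verify = verify
        self.table = {}   # (digest, slot) -> stored block
        self.files = {}   # name -> (digest, slot)

    def write(self, name: str, block: bytes) -> None:
        digest = weak_hash(block)
        for slot in count():
            key = (digest, slot)
            stored = self.table.get(key)
            if stored is None:
                self.table[key] = block      # new block, store it
                break
            if not self.verify or stored == block:
                break                        # treated as a duplicate
            # verify found differing bytes: try the next slot
        self.files[name] = key

    def read(self, name: str) -> bytes:
        return self.table[self.files[name]]

def second_block_survives(verify: bool) -> bool:
    first, second = find_collision()
    store = DedupStore(verify)
    store.write("first", first)    # written earlier
    store.write("second", second)  # same digest, different bytes
    return store.read("second") == second

if __name__ == "__main__":
    print("verify off:", second_block_survives(False))
    print("verify on: ", second_block_survives(True))
```

With verify off, reading the second file returns the first block's bytes with no error raised; with verify on, the byte comparison catches the mismatch and both blocks are kept.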