So, if I had a block collision on my ZFS pool that used dedup, and it had my
bank balance of $3,212.20 on it, and you tried to write your bank balance of
$3,292,218.84 and got the same hash, no verify, and thus you got my
block/balance and now your bank balance was reduced by 3 orders of magnitude,
would you be okay with that? What assurances would you be content with using
my ZFS pool?
On Jul 11, 2012, at 9:43 AM, Sašo Kiselkov wrote:
> On 07/11/2012 04:30 PM, Gregg Wonderly wrote:
>> This is exactly the issue for me. It's vital to always have verify on. If
>> you don't have the data to prove that every possible block combination
>> possible, hashes uniquely for the "small" bit space we are talking about,
>> then how in the world can you say that "verify" is not necessary? That just
>> seems ridiculous to propose.
> Do you need assurances that in the next 5 seconds a meteorite won't fall
> to Earth and crush you? No. And yet, the Earth puts on thousands of tons
> of weight each year from meteoric bombardment and people have been hit
> and killed by them (not to speak of mass extinction events). Nobody has
> ever demonstrated of being able to produce a hash collision in any
> suitably long hash (128-bits plus) using a random search. All hash
> collisions have been found by attacking the weaknesses in the
> mathematical definition of these functions (i.e. some part of the input
> didn't get obfuscated well in the hash function machinery and spilled
> over into the result, resulting in a slight, but usable non-randomness).
zfs-discuss mailing list