On Thu, Mar 03, 2005 at 01:18:45PM +0100, Poul-Henning Kamp wrote:
> In message <[EMAIL PROTECTED]>, Bernd Walter writes:
> 
> >No matter what disk you take - writes never have been atomic.
> >The major difference I see is that you get a read error back in
> >the disk failure case, while such a crypto failure produces more or
> >less random data without any error.
> >Mounting unclean filesystems rw for bg_fsck can be considered
> >dangerous with such unexpected data corruption.
> >And how would you know that a restore from backup is required for
> >a damaged file?
> 
> 100% true.
> 
> The trouble is that it would cost a lot in performance and a doubling
> in metadata to protect yourself against this.

Keeping the old and new key together with a digest from both encrypted
contents until we have an acknowledgement from backing store would really
help.
RAID synchronicity is the same problem - at least you want to know which
blocks are possibly asynchronous for a quick boot phase.
Today's computers are still missing general purpose NVRAM for that
bookkeeping :(
Without NVRAM all you can do is use a disk block for it and accept
the performance hit or live with the risk.

-- 
B.Walter                   BWCT                http://www.bwct.de
[EMAIL PROTECTED]                                  [EMAIL PROTECTED]
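The bookkeeping Bernd sketches above (old key and new key kept with a digest of each encrypted version of the block until the backing store acknowledges the write) can be shown with a small simulation. This is an added illustrative example, not code from the thread, from FreeBSD, or from gbde/geli; the SHA-256 counter keystream is a stand-in for a real block cipher, the `journal` dict stands in for the NVRAM or reserved disk block the mail mentions, and every function name here is hypothetical. It demonstrates the failure mode discussed in the thread (a torn write decrypts to garbage with no error) and how the journaled digests let recovery tell "old", "new" and "torn" blocks apart.

```python
import hashlib

BLOCK = 64  # constructed block size for the simulation


def keystream(key: bytes, block_no: int, length: int) -> bytes:
    """Toy keystream: SHA-256 in counter mode over (key, block, counter).
    Stand-in for a real block cipher; NOT for real use."""
    out = bytearray()
    ctr = 0
    while len(out) < length:
        out += hashlib.sha256(key + block_no.to_bytes(8, "big") + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(out[:length])


def encrypt(key: bytes, block_no: int, data: bytes) -> bytes:
    # XOR with the keystream; decryption is the same operation.
    return bytes(a ^ b for a, b in zip(data, keystream(key, block_no, len(data))))


decrypt = encrypt


def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


class Disk:
    """In-memory block device that can simulate a torn write (power loss mid-block)."""

    def __init__(self, nblocks: int):
        self.blocks = [bytes(BLOCK) for _ in range(nblocks)]

    def read(self, n: int) -> bytes:
        return self.blocks[n]

    def write(self, n: int, data: bytes, torn_at: int = None) -> None:
        if torn_at is None:
            self.blocks[n] = data
            return
        # Only the first torn_at bytes reach the platter; the tail keeps old contents.
        self.blocks[n] = data[:torn_at] + self.blocks[n][torn_at:]
        raise IOError("power lost mid-write")


def plan_rekey(disk: Disk, block_no: int, old_key: bytes, new_key: bytes):
    """Compute the re-encrypted block and the journal entry (digest of old and new ciphertext)."""
    old_ct = disk.read(block_no)
    new_ct = encrypt(new_key, block_no, decrypt(old_key, block_no, old_ct))
    return new_ct, {"old": digest(old_ct), "new": digest(new_ct)}


def rekey_block(disk: Disk, journal: dict, block_no: int, old_key: bytes, new_key: bytes,
                torn_at: int = None) -> None:
    new_ct, entry = plan_rekey(disk, block_no, old_key, new_key)
    journal[block_no] = entry          # assumed durable before the data block is touched
    disk.write(block_no, new_ct, torn_at)
    del journal[block_no]              # backing store acknowledged: entry no longer needed


def recover(disk: Disk, journal: dict) -> dict:
    """After a crash, classify every in-flight block by comparing its digest with the journal."""
    result = {}
    for block_no, entry in journal.items():
        h = digest(disk.read(block_no))
        result[block_no] = "new" if h == entry["new"] else "old" if h == entry["old"] else "torn"
    return result


def demo() -> dict:
    old_key, new_key = b"constructed-old-key", b"constructed-new-key"
    disk = Disk(3)
    for n in range(3):  # constructed plaintext: block n filled with 'A'+n
        disk.write(n, encrypt(old_key, n, bytes([0x41 + n]) * BLOCK))
    journal = {}
    rekey_block(disk, journal, 0, old_key, new_key)      # completes and is acknowledged
    _, journal[1] = plan_rekey(disk, 1, old_key, new_key)  # journaled, write never started
    try:
        rekey_block(disk, journal, 2, old_key, new_key, torn_at=BLOCK // 2)  # torn write
    except IOError:
        pass
    # Without the digests, the torn block decrypts without any error: half good, half garbage.
    torn_pt = decrypt(new_key, 2, disk.read(2))
    return {
        "recovery": recover(disk, journal),
        "block0_plaintext": decrypt(new_key, 0, disk.read(0)),
        "torn_decrypts_silently": len(torn_pt) == BLOCK and torn_pt != b"C" * BLOCK,
    }


if __name__ == "__main__":
    print(demo()["recovery"])  # {1: 'old', 2: 'torn'}
```

Block 0 has been acknowledged and dropped from the journal, so recovery never looks at it; block 1 still carries the old ciphertext and can simply be redone; block 2 matches neither digest and is the case the thread worries about, which without the journal would surface only as silently wrong file contents. The cost is exactly what Poul-Henning notes: one extra journal write per block (the "disk block for it" in the absence of NVRAM) plus two digests held per in-flight block.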
