On Sat, 2014-11-29 at 13:00 -0800, John Williams wrote: > On Sat, Nov 29, 2014 at 12:38 PM, Alex Elsayed <eternal...@gmail.com> wrote: > > Why not just use the kernel crypto API? Then the user can just specify any > > hash the kernel supports. > > One reason is that crytographic hashes are an order of magnitude > slower than the fastest non-cryptographic hashes. And for filesystem > checksums, I do not see a need for crypotgraphic hashes.
I'm not that crypto expert, but wouldn't the combination of a cryptographic hash, in combination with e.g. dm-crypt below the filesystem give us what dm-crypt alone cannot really give us (authenticated integrity)? Would that combination of hash+encrypt basically work like a MAC? Cheers, Chris.
smime.p7s
Description: S/MIME cryptographic signature
