On 2019-04-08 07:27, Leonid Bloch wrote:
Hi List,
Can you suggest a way of cryptographically verifying the content of a
btrfs subvolume, besides the naïve approach, of running a cryptographic
hash function on the output of btrfs send?
Running BTRFS on top of dm-integrity and dm-crypt with them set up to
provide AEAD-style encryption comes to mind as an option, and would
actually provide a much higher level of verification than just verifying
the content of a subvolume (it will verify the entire filesystem).
Back in 2014, an RFC patch was sent to allow using sha256 instead of
crc32c for checksumming.
(https://patchwork.kernel.org/patch/5363311)
It was not merged. Had it been merged, one could just check the return
value of btrfs scrub, instead of checksumming the whole btrfs send
output, correct?
In theory yes, provided you just want hashes and not an HMAC.
