On Fri, May 10, 2019 at 01:15:30PM +0200, Johannes Thumshirn wrote:
> This patchset adds support for adding new checksum types in BTRFS.
>
> Currently BTRFS only supports CRC32C as data and metadata checksum, which is
> good if you only want to detect errors due to data corruption in hardware.
>
> But CRC32C isn't able to cover other use-cases like de-duplication or
> cryptographically safe data integrity guarantees.
>
> The following properties made SHA-256 interesting for these use-cases:
> - Still considered cryptographically sound
> - Reasonably well understood by the security industry
> - Result fits into the 32Byte/256Bit we have for the checksum in the on-disk
>   format
> - Small enough collision space to make it feasible for data de-duplication
> - Fast enough to calculate and offloadable to crypto hardware via the kernel's
>   crypto_shash framework.
>
> The patchset also provides mechanisms for plumbing in different hash
> algorithms relatively easily.

Once the code is ready for more checksum algos, we'll pick candidates and my
idea is to select 1 fast (not necessarily strong, but better than crc32c) and
1 strong (but slow, and sha256 is the candidate at the moment).

The discussion from 2014 on that topic brought a lot of useful information,
though some algos could have evolved since.

https://lore.kernel.org/linux-btrfs/1416806586-18050-1-git-send-email-bo.li....@oracle.com/

In about 5 years timeframe we can revisit the algos and potentially add more,
so I hope we'll be able to agree to add just 2 in this round.

The minimum selection criteria for a digest algorithm:

- is provided by linux kernel crypto subsystem
- has a license that will allow to use it in bootloader code (grub at least)
- the implementation is available for btrfs-progs either as some small library
  or can be used directly as a .c file