On 19/11/2010 00:39, David Magda wrote:
On Nov 16, 2010, at 05:09, Darren J Moffat wrote:
Both CCM[1] and GCM[2] are provided so that if one turns out to have
flaws hopefully the other will still be available for use safely even
though they are roughly similar styles of modes.
On systems without hardware/cpu support for Galios multiplication
(Intel Westmere and later and SPARC T3 and later) GCM will be slower
because the Galios field multiplication has to happen in software
without any hardware/cpu assist. However depending on your workload
you might not even notice the difference.
Both modes of operation are authenticating. At one point the design of
ZFS crypto had the checksum automatically go to SHA-256 when it was
enabled. [1] Is "SHA activation" still the case, or are the two modes of
operations simply used in themselves to verify data integrity?
That is still the case, the blockpointer contains the IV, the SHA256
checksum (truncated) and the MAC from CCM and GCM.
Also, are slog and cache devices encrypted at this time? Given a pool,
and the fact that only particular data sets on it could be encrypted,
would these special devices be entirely encrypted, or only data from the
particular encrypted data set/s? I would also assume the in-memory ARC
would be clear-text.
The ZIL wither it is in pool or on a slog is always encrypted for an
encrypted dataset, it is encrypted in exactly the same way.
Data from encrypted datasets does not currently go to the L2ARC cache
devices.
The in memory ARC is in the clear and it has to be because those buffers
can be shared via zero copy means to other parts of the system including
other filesystems like NFS and CIFS.
--
Darren J Moffat
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
