Date: Thu, 3 Mar 2005 13:31:34 +0100
From: Bernd Walter <ticso@cicely12.cicely.de>
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
Cc: ticso@cicely.de
Subject: Re: FUD about CGD and GBDE
Message-ID: <20050303123133.GX86348@cicely12.cicely.de>
In-Reply-To: <7153.1109852325@critter.freebsd.dk>
References: <20050303120421.GW86348@cicely12.cicely.de> <7153.1109852325@critter.freebsd.dk>
On Thu, Mar 03, 2005 at 01:18:45PM +0100, Poul-Henning Kamp wrote:
> In message <20050303120421.GW86348@cicely12.cicely.de>, Bernd Walter writes:
>
> >No matter what disk you take - writes have never been atomic.
> >The major difference I see is that you get a read error back in
> >the disk failure case, while such a crypto failure produces more or
> >less random data without any error.
> >Mounting unclean filesystems rw for bg_fsck can be considered
> >dangerous with such unexpected data corruption.
> >And how would you know that a restore from backup is required for
> >a damaged file?
>
> 100% true.
>
> The trouble is that it would cost a lot in performance and a doubling
> in metadata to protect yourself against this.

Keeping the old and new key together with a digest of both encrypted
contents until we have an acknowledgement from the backing store would
really help.
RAID synchrony is the same problem - at least you want to know which
blocks are possibly asynchronous for a quick boot phase.
Today's computers are still missing general-purpose NVRAM for that
bookkeeping :(
Without NVRAM all you can do is use a disk block for it and accept the
performance hit, or live with the risk.

--
B.Walter                   BWCT                http://www.bwct.de
bernd@bwct.de                                  info@bwct.de
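The bookkeeping Bernd sketches above (old key, new key and a digest of each encrypted sector, kept until the backing store acknowledges the write) as an added simulation; this is example code written for this page, not code from the thread, GBDE or CGD. The SHA-256-based stream cipher, the keys, the sector number and the sector contents are all constructed for the example; the point it shows is that after a crash the journal turns a torn or never-landed write into a detectable state instead of the silent "random data without any error" the thread worries about.

```python
import hashlib
import hmac

SECTOR = 7  # constructed sector number used throughout the simulation

def keystream(key: bytes, sector: int, n: int) -> bytes:
    # Toy stream cipher for the simulation only: SHA-256(key || sector || counter) blocks.
    blocks = (hashlib.sha256(key + sector.to_bytes(8, "big") + c.to_bytes(4, "big")).digest()
              for c in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def crypt(key: bytes, sector: int, data: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, keystream(key, sector, len(data))))

class Journal:
    """Per in-flight rewrite, keep old and new key plus a digest of each ciphertext
    until the backing store acknowledges the write (would live in NVRAM or a reserved block)."""
    def __init__(self):
        self.open = {}
    def begin(self, sector, old_key, new_key, old_ct, new_ct):
        self.open[sector] = (old_key, new_key, hashlib.sha256(old_ct).digest(),
                             hashlib.sha256(new_ct).digest())
    def ack(self, sector):  # write acknowledged: drop the entry (and with it the old key)
        del self.open[sector]

def recover(journal: Journal, disk: dict) -> dict:
    """After a crash, decide per open entry which version is on disk by its digest.
    Returns sector -> (state, key); 'torn' carries no key and should become a read error."""
    out = {}
    for sector, (old_key, new_key, d_old, d_new) in journal.open.items():
        d = hashlib.sha256(disk[sector]).digest()
        if hmac.compare_digest(d, d_new):
            out[sector] = ("new", new_key)
        elif hmac.compare_digest(d, d_old):
            out[sector] = ("old", old_key)
        else:
            out[sector] = ("torn", None)
    return out

def simulate_crash(outcome: str):
    """Rewrite one sector under a fresh key and crash with the write 'old' (never landed),
    'torn' (half landed) or 'new' (landed, unacknowledged). Returns (verdict, naive decrypt)."""
    old_key, new_key = b"k" * 32, b"n" * 32  # constructed keys
    plain_old = b"old sector contents".ljust(64, b".")
    plain_new = b"new sector contents".ljust(64, b".")
    ct_old, ct_new = crypt(old_key, SECTOR, plain_old), crypt(new_key, SECTOR, plain_new)
    journal = Journal()
    journal.begin(SECTOR, old_key, new_key, ct_old, ct_new)
    on_disk = {"old": ct_old, "torn": ct_new[:32] + ct_old[32:], "new": ct_new}[outcome]
    return recover(journal, {SECTOR: on_disk}), crypt(new_key, SECTOR, on_disk)
```

The second value returned by `simulate_crash` is what a reader that simply decrypts with the current key would hand back: for the torn case it is half valid plaintext and half noise, with no error, which is exactly what the journal verdict lets the recovery path refuse.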