Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 16 Sep 2010 15:22:27 -0400
From:      "Andriy Bakay" <andriy@irbisnet.com>
To:        "freebsd-fs@freebsd.org" <freebsd-fs@freebsd.org>
Subject:   ZFS + GELI data integrity
Message-ID:  <op.vi433pxp6f601j@prime.irbisnet.com>

next in thread | raw e-mail | index | archive | help
Hi list(s),

I am using ZFS on top of GELI. Does exists any practical reason to enable  
GELI data authentication (data integrity) underneath of ZFS? I understand  
GELI data integrity is cryptographically strong -- up to HMAC/SHA512, but  
ZFS has SHA256 checksum. GELI linked data to sector and will detect if  
somebody move data around, but my understanding is to move data around  
consistently one need to decrypt it which is very difficult. Correct me if  
I wrong.

Any thoughts?

Thanks,
Andriy



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?op.vi433pxp6f601j>