Truncating SHA2 hashes vs shortening a MAC for ZFS Crypto
David-Sarah Hopwood
david-sarah at jacaranda.org
Tue Nov 3 23:38:05 EST 2009
David-Sarah Hopwood wrote:
> Straw-man suggestion:
>
> mac = MAC[dataset_mac_key](plaintext)
> iv = Hash1(mac)
> ciphertext = Encrypt[dataset_enc_key](iv, plaintext)
>
> Store (mac, Hash2(ciphertext)) in the block pointer.
> Use Hash2(ciphertext) as a dedupe tag.
Actually, there's nothing to prevent using both mac and Hash2(ciphertext)
as a dedupe tag in this scheme. It probably isn't necessary, but can't hurt,
and might help if weaknesses were found in SHA-256.
--
David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 292 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20091104/9e0f0569/attachment.pgp>
More information about the cryptography
mailing list