Re: The future of disk encryption with LUKS2

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 4 Feb 2016 09:38 +0100, from gmazyland@xxxxxxxxx (Milan Broz):
> On 02/03/2016 08:46 PM, Sven Eschenberg wrote:
>> Personally I'd love to see FEC extensions in a v2 on-disk-format.
> 
> Anyway, if you have some real use cases for FEC (and specifically some
> real-world examples of data corruption it can fix), please share it, I am
> very interested to see that. (I know the problem exist and that FEC could
> be useful but seems nobody is able provide any hard data...)

Plain data duplication seems both easier to implement and likely to
allow recovery from the same as well as other classes of errors.
Reed-Solomon and similar FEC is useful when a read is marginal, but
useless when a read fails completely, which I believe is a far more
common failure mode in the layers of storage that we are interested
in.

Storing the LUKS header in two separate locations on disk could
probably do the trick. For example, right at the start *and* right at
the end of the LUKS container, which would avoid any issues with
having to remap a location in the middle of the container. Put a
counter in the header, ensure that all copies are in sync when the
header is read or written to, and if they are out of sync, use the one
with the highest counter value that works and rewrite the other. Add a
checksum (could be something really simple even, like CRC32, but it
would be good to make this extensible without needing to change the
on-disk format) to protect against any corruption that somehow manages
to slip past the FEC in the storage layer.

In fact, that would be similar to how ZFS and Btrfs already solves
pretty much the same problem.

I would discourage complex features; in cryptography, simple and easy
to validate should be the name of the game, and simply storing the
same data in two distinct locations is _far_ easier to understand than
code to calculate and use FEC data.

-- 
Michael Kjörling • https://michael.kjorling.se • michael@xxxxxxxxxxx
                 “People who think they know everything really annoy
                 those of us who know we don’t.” (Bjarne Stroustrup)
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt




[Index of Archives]     [Device Mapper Devel]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux