On Wed, Sep 16, 2020 at 08:30:01AM -0400, Jeff Layton wrote: > > It sounds like we'll probably need to stabilize some version of the > nokey name so that we can allow the MDS to look them up. Would it be a > problem for us to use the current version of the nokey name format for > this, or would it be better to come up with some other distinct format > for this? > You could use the current version, with the dirhash field changed from u32 to __le32 so that it doesn't depend on CPU endianness. But you should also consider using just base64(SHA256(filename)). The SHA256(filename) approach wouldn't include a dirhash, and it would handle short filenames less efficiently. However, it would be simpler. Would it be any easier for you? I'm not sure which would be better from a fs/crypto/ perspective. For *now*, it would be easier if you just used the current 'struct fscrypt_nokey_name'. However, anything you use would be set in stone, whereas as-is the format can be changed at any time. In fact, we changed it recently; see commit edc440e3d27f. If we happen to change the nokey name in the future for local filesystems (say, to use BLAKE2 instead of SHA256, or to support longer dirhashes), then it would be easier if the stable format were just SHA256(filename). It's not a huge deal though. So if e.g. you like that the current format avoids the cryptographic hash for the vast majority of filenames, and if you're fine with the slightly increased complexity, you can just use it. - Eric