Btrfs Authenticated File-System Support Looks To Be Revived

  • Btrfs Authenticated File-System Support Looks To Be Revived

    Phoronix: Btrfs Authenticated File-System Support Looks To Be Revived

    Last year a SUSE developer sent out a set of patches adding authentication support to the Btrfs file-system. Btrfs already has checksums on meta-data blocks and data blocks while the original implementation of these authentication patches was performing HMAC on a SHA256 checksum as a keyed hash. A proper key in turn is then needed to mount a verified file-system...

    http://www.phoronix.com/scan.php?pag...ntication-2020

  • #2
    Since I was confused about its usefulness (on the mailing list thread):
    I'm thinking of a way to verify that non-encrypted generic boot+startup data hasn't been tampered with.
    So, not encrypted, but signed data.


    • #3
      Originally posted by phoronix
      Phoronix: Btrfs Authenticated File-System Support Looks To Be Revived

      Last year a SUSE developer sent out a set of patches adding authentication support to the Btrfs file-system. Btrfs already has checksums on meta-data blocks and data blocks while the original implementation of these authentication patches was performing HMAC on a SHA256 checksum as a keyed hash. A proper key in turn is then needed to mount a verified file-system...

      http://www.phoronix.com/scan.php?pag...ntication-2020
      It's nice and all, but I would rather have actual subvolume encryption without having to use LUKS or eCryptfs.


      • #4
        HMAC...

        I came across that acronym, yet I passed the CompTIA Security+ exam, became certified as of December 12th, 2019, and yet I did not remember what HMAC stands for, but I did know it is a hashing algorithm if I remember correctly. A quick Googling told me it is Hash-based Message Authentication Code. Heh... Better remember that in the future.

        A quick look at "HMAC" in the article and it reminded me of CompTIA Security+.

        I'm still waiting for my job in IT during the pandemic. (sigh)


        • #5
          Originally posted by jacob

          It's nice and all, but I would rather have actual subvolume encryption without having to use LUKS or eCryptfs.
          Personally I would much rather have per subvolume "RAID" levels

          http://www.dirtcellar.net


          • #6
            Originally posted by waxhead

            Personally I would much rather have per subvolume "RAID" levels
            Quite honestly, is there any point at all in using anything other than RAID 10?


            • #7
              Originally posted by GraysonPeddie
              I came across that acronym, yet I passed the CompTIA Security+ exam, became certified as of December 12th, 2019, and yet I did not remember what HMAC stands for, but I did know it is a hashing algorithm if I remember correctly.
              Sounds about right for a CompTIA exam... You can pass by knowing what some acronym stands for or maybe what port number some protocol uses; not necessarily by understanding what it actually does. Just pay your CE dues, I suspect that's all they really want. I just renewed my Sec+ for another 3 years... I find this cert pretty useless personally but every job I've ever had in IT expects you to have it so I can't let it lapse.


              • #8
                Originally posted by jacob

                Quite honestly, is there any point at all in using anything other than RAID 10?
                Yes, depending on your workload.

                RAID0 for throwaway data (temp) where you don't need redundancy and can just restart (and copy from a good source) if it fails. RAID1 and especially RAID1c3 or RAID1c4 can be great (and even greater if you could *force* distribution) for many small file accesses where you need redundancy. RAID5 or RAID6 for storage maximization and of course RAID10 for everything else. Remember that RAID10 keeps half your disks busy at once for reads, and all your disks busy at once for writes. The RAID1 profiles allow for more things happening at the same time. Same goes for the DUP and SINGLE profiles, but it may not be ideal unless you have a balanced filesystem to begin with of course.

                http://www.dirtcellar.net


                • #9
                  Originally posted by GraysonPeddie
                  HMAC...

                  I came across that acronym, yet I passed the CompTIA Security+ exam, became certified as of December 12th, 2019, and yet I did not remember what HMAC stands for, but I did know it is a hashing algorithm if I remember correctly. A quick Googling told me it is Hash-based Message Authentication Code. Heh... Better remember that in the future.

                  A quick look at "HMAC" in the article and it reminded me of CompTIA Security+.

                  I'm still waiting for my job in IT during the pandemic. (sigh)
                  HMAC is when you compute a cryptographically secure hash of some input data + some private and secret data.

                  You can then send the data + the HMAC (or store on disk).

                  The receiver can later read in the data, do the same computation (using the same private and secret data) and see if the receiver gets the same HMAC value.

                  So it's a way to detect if data has been tampered with. So the data is signed, but not encrypted. And unlike public-key encryption, both writer and reader need the same secret additional data that is used when computing the hash.
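
The check described in #9, applied to the keyed block checksums the article mentions, as an added example that is not part of the original thread or of the Btrfs patches. The key, block contents, block size and the choice to bind the block number into the MAC are constructed assumptions for illustration.

```python
import hashlib
import hmac

BLOCK_SIZE = 4096  # constructed block size for this sketch


def plain_csum(block: bytes) -> bytes:
    """Unkeyed SHA-256 checksum: detects corruption, not tampering."""
    return hashlib.sha256(block).digest()


def keyed_csum(key: bytes, block_no: int, block: bytes) -> bytes:
    """HMAC-SHA256 over the block number and the block contents.

    Binding the block number is an assumption of this sketch; it keeps a
    valid (block, tag) pair from being accepted at a different location.
    """
    msg = block_no.to_bytes(8, "little") + block
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify_block(key: bytes, block_no: int, block: bytes, tag: bytes) -> bool:
    """Recompute the tag with the reader's key and compare in constant time."""
    return hmac.compare_digest(keyed_csum(key, block_no, block), tag)


def demo() -> dict:
    key = b"constructed-demo-key-not-a-real-secret"
    other_key = b"constructed-key-of-a-keyless-writer"
    block = b"boot config v1".ljust(BLOCK_SIZE, b"\0")  # constructed data
    stored_tag = keyed_csum(key, 7, block)

    # Offline modification by a writer who does not hold the key.
    tampered = b"boot config v2".ljust(BLOCK_SIZE, b"\0")
    rewritten_plain = plain_csum(tampered)             # needs no secret
    rewritten_tag = keyed_csum(other_key, 7, tampered)  # best guess without key

    return {
        "untouched_ok": verify_block(key, 7, block, stored_tag),
        "plain_csum_rewrite_accepted": plain_csum(tampered) == rewritten_plain,
        "stale_tag_rejected": not verify_block(key, 7, tampered, stored_tag),
        "rewritten_tag_rejected": not verify_block(key, 7, tampered, rewritten_tag),
        "moved_block_rejected": not verify_block(key, 8, block, stored_tag),
        "wrong_key_rejected": not verify_block(other_key, 7, block, stored_tag),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The `wrong_key_rejected` case corresponds to the article's point that a proper key is needed to mount a verified file-system: without it, every stored tag fails verification.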
