On 4/8/19 3:44 PM, Austin S. Hemmelgarn wrote: > On 2019-04-08 07:27, Leonid Bloch wrote: >> Hi List, >> >> Can you suggest a way of cryptographically verifying the content of a >> btrfs subvolume, besides the naïve approach, of running a cryptographic >> hash function on the output of btrfs send? > Running BTRFS on top of dm-integrity and dm-crypt with them set up to > provide AEAD-style encryption comes to mind as an option, and would > actually provide a much higher level of verification than just verifying > the content of a subvolume (it will verify the entire filesystem). Thanks! That's actually a good point, I would like to verify a specific subvolume(s), while on others the content can change. That's a good point cause it shows that I was wrong assuming that btrfs scrub would help - it will scrub the entire filesystem as well, and compare checksums internally, which is not what I want - I want to compare to some external checksum. Sorry for the confusion there. >> >> Back in 2014, an RFC patch was sent to allow using sha256 instead of >> crc32c for checksumming. >> (https://patchwork.kernel.org/patch/5363311) >> It was not merged. Had it been merged, one could just check the return >> value of btrfs scrub, instead of checksumming the whole btrfs send >> output, correct? > In theory yes, provided you just want hashes and not an HMAC.
