tech-crypto archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: [patch] cgd

> I'm of the opinion that integrity checking best belongs in the file
> system layer because it necessarily involves increasing the size
> of the data which for a pseudo-disk is very expensive indeed.  If
> you decide to break a single disk write into multiple writes then
> you must also necessarily maintain state on the disk of what you
> are doing in case you crash in the midst of a write.  This would
> involve turning each single sector write into at least three separate
> writes.  At the file system layer, you have no such problem and
> can preserve performance while also ensuring integrity.  (Unless
> you can present 500 byte sectors to the rest of the kernel.)

I'm fond of the scheme described in
(NDSS 2005).

                --Steve Bellovin,

Home | Main Index | Thread Index | Old Index