[145030] in cryptography@c2.net mail archive
Re: Truncating SHA2 hashes vs shortening a MAC for ZFS Crypto
daemon@ATHENA.MIT.EDU (David-Sarah Hopwood)
Fri Nov 6 10:49:25 2009
Date: Wed, 04 Nov 2009 04:38:05 +0000
From: David-Sarah Hopwood <david-sarah@jacaranda.org>
To: cryptography@metzdowd.com
In-Reply-To: <4AF0FEDB.4080907@jacaranda.org>
David-Sarah Hopwood wrote:
> Straw-man suggestion:
>
> mac = MAC[dataset_mac_key](plaintext)
> iv = Hash1(mac)
> ciphertext = Encrypt[dataset_enc_key](iv, plaintext)
>
> Store (mac, Hash2(ciphertext)) in the block pointer.
> Use Hash2(ciphertext) as a dedupe tag.
Actually, there's nothing to prevent using both mac and Hash2(ciphertext)
as a dedupe tag in this scheme. It probably isn't necessary, but can't hurt,
and might help if weaknesses were found in SHA-256.
-- 
David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com
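The quoted scheme with the combined dedupe tag from the reply, as an added Python example that is not part of the original message. It assumes HMAC-SHA256 for MAC, SHA-256 for Hash1 (prefixed and truncated to 16 bytes) and Hash2, and an HMAC-based keystream standing in for Encrypt; all function names are hypothetical.

```python
import hashlib
import hmac

def mac_of(mac_key, plaintext):
    # MAC[dataset_mac_key](plaintext); HMAC-SHA256 is an assumed choice
    return hmac.new(mac_key, plaintext, hashlib.sha256).digest()

def hash1(mac):
    # Hash1: assumed to be domain-separated SHA-256 truncated to a 16-byte IV
    return hashlib.sha256(b"iv:" + mac).digest()[:16]

def hash2(ciphertext):
    # Hash2: assumed to be SHA-256 over the ciphertext
    return hashlib.sha256(ciphertext).digest()

def encrypt(enc_key, iv, data):
    # Stand-in for Encrypt[dataset_enc_key](iv, ...): XOR with an HMAC-SHA256
    # counter-mode keystream. Illustrative only; applying it twice decrypts.
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hmac.new(enc_key, iv + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], ks))
    return bytes(out)

def write_block(mac_key, enc_key, plaintext):
    mac = mac_of(mac_key, plaintext)
    ciphertext = encrypt(enc_key, hash1(mac), plaintext)
    return ciphertext, (mac, hash2(ciphertext))  # (stored data, block pointer)

def dedupe_tag(block_pointer):
    # The reply's variant: match on both mac and Hash2(ciphertext)
    mac, ct_hash = block_pointer
    return mac + ct_hash

def read_block(mac_key, enc_key, ciphertext, block_pointer):
    mac, ct_hash = block_pointer
    if not hmac.compare_digest(hash2(ciphertext), ct_hash):
        raise ValueError("ciphertext does not match Hash2 in block pointer")
    plaintext = encrypt(enc_key, hash1(mac), ciphertext)
    if not hmac.compare_digest(mac_of(mac_key, plaintext), mac):
        raise ValueError("plaintext does not match mac in block pointer")
    return plaintext

# Constructed sample keys and data
MAC_KEY, ENC_KEY = b"m" * 32, b"e" * 32
BLOCK = b"constructed sample block " * 8
```

Because the IV is derived from the MAC of the plaintext, identical blocks written under the same dataset keys produce identical ciphertext and therefore identical tags, while the same block under different keys does not.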