On Fri, Jan 14, 2011 at 11:32:58AM -0800, Peter Taps wrote: > Ed, > > Thank you for sharing the calculations. In lay terms, for Sha256, how many > blocks of data would be needed to have one collision? > > Assuming each block is 4K is size, we probably can calculate the final data > size beyond which the collision may occur. This would enable us to make the > following statement: > > "With Sha256, you need verification to be turned on only if you are dealing > with more than xxxT of data."
Except that this is wrong question to ask. The question you can ask is "How many blocks of data do I need so collision probability is <X>%?". > Also, another related question. Why 256 bits was chosen and not 128 bits or > 512 bits? I guess Sha512 may be an overkill. In your formula, how many blocks > of data would be needed to have one collision using Sha128? There is no SHA128 and SHA512 has too long hash. Currently the maximum hash ZFS can handle is 32 bytes (256 bits). Wasting another 32 bytes without improving anything in practise wasn't probably worth it. BTW. As for SHA512 being slower it looks like it depends on implementation or SHA512 is faster to compute on 64bit CPU. On my laptop OpenSSL computes SHA256 55% _slower_ than SHA512. If this is a general rule, maybe it will be worth considering using SHA512 truncated to 256 bits to get more speed. -- Pawel Jakub Dawidek http://www.wheelsystems.com p...@freebsd.org http://www.FreeBSD.org FreeBSD committer Am I Evil? Yes, I Am!
pgpXQHlrciD1Y.pgp
Description: PGP signature
_______________________________________________ zfs-discuss mailing list zfs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
