Print this page
4185 New hash algorithm support

Split Close
Expand all
Collapse all
          --- old/usr/src/man/man5/zpool-features.5
          +++ new/usr/src/man/man5/zpool-features.5
↓ open down ↓ 264 lines elided ↑ open up ↑
 265  265  .TE
 266  266  
 267  267  This feature allows a dump device to be configured with a pool comprised
 268  268  of multiple vdevs.  Those vdevs may be arranged in any mirrored or raidz
 269  269  configuration.
 270  270  
 271  271  When the \fBmulti_vdev_crash_dump\fR feature is set to \fBenabled\fR,
 272  272  the administrator can use the \fBdumpadm\fR(1M) command to configure a
 273  273  dump device on a pool comprised of multiple vdevs.
 274  274  
      275 +.RE
      276 +
      277 +.sp
      278 +.ne 2
      279 +.na
      280 +\fB\fBsha512\fR\fR
      281 +.ad
      282 +.RS 4n
      283 +.TS
      284 +l l .
      285 +GUID    org.illumos:sha512
      286 +READ\-ONLY COMPATIBLE   no
      287 +DEPENDENCIES    none
      288 +.TE
      289 +
      290 +This feature enables the use of the SHA-512/256 truncated hash algorithm
      291 +(FIPS 180-4) for checksum and dedup. The native 64-bit arithemtic of
      292 +SHA-512 provides an approximate 50% performance boost over SHA-256 on
      293 +64-bit hardware and is thus a good minimum-change replacement candidate
      294 +for systems where hash performance is important, but these systems
      295 +cannot for whatever reason utilize the faster \fBskein\fR and
      296 +\fBedonr\fR algorithms.
      297 +
      298 +When the \fBsha512\fR feature is set to \fBenabled\fR, the administrator
      299 +can turn on the \fBsha512\fR checksum on any dataset using the
      300 +\fBzfs\fR(1M) command. Please note that doing so will immediately
      301 +activate the \fBsha512\fR feature on the underlying pool (even before
      302 +any data is written). Since this feature is not read-only compatible,
      303 +this operation will render the pool unimportable on systems without
      304 +support for the \fBsha512\fR feature. At the moment, this operation
      305 +cannot be reversed. Booting off of pools utilizing SHA-512/256 is
      306 +supported, provided that the appropriate GRUB stage2 module is
      307 +installed.
      308 +
      309 +.RE
      310 +
      311 +.sp
      312 +.ne 2
      313 +.na
      314 +\fB\fBskein\fR\fR
      315 +.ad
      316 +.RS 4n
      317 +.TS
      318 +l l .
      319 +GUID    org.illumos:skein
      320 +READ\-ONLY COMPATIBLE   no
      321 +DEPENDENCIES    none
      322 +.TE
      323 +
      324 +This feature enables the use of the Skein hash algorithm for checksum
      325 +and dedup. Skein is a high-performance secure hash algorithm that was a
      326 +finalist in the NIST SHA-3 competition. It provides a very high security
      327 +margin and high performance on 64-bit hardware (80% faster than
      328 +SHA-256). This implementation also utilizes the new salted checksumming
      329 +functionality in ZFS, which means that the checksum is pre-seeded with a
      330 +secret 256-bit random key (stored on the pool) before being fed the data
      331 +block to be checksummed. Thus the produced checksums are unique to a
      332 +given pool, preventing hash collision attacks on systems with dedup.
      333 +
      334 +When the \fBskein\fR feature is set to \fBenabled\fR, the administrator
      335 +can turn on the \fBskein\fR checksum on any dataset using the
      336 +\fBzfs\fR(1M) command. Please note that doing so will immediately
      337 +activate the \fBskein\fR feature on the underlying pool (even before any
      338 +data is written). Since this feature is not read-only compatible, this
      339 +operation will render the pool unimportable on systems without support
      340 +for the \fBskein\fR feature. At the moment, this operation cannot be
      341 +reversed. Booting off of pools using \fBskein\fR is \fBNOT\fR supported
      342 +-- any attempt to enable \fBskein\fR on a root pool will fail with an
      343 +error.
      344 +
      345 +.RE
      346 +
      347 +.sp
      348 +.ne 2
      349 +.na
      350 +\fB\fBedonr\fR\fR
      351 +.ad
      352 +.RS 4n
      353 +.TS
      354 +l l .
      355 +GUID    org.illumos:edonr
      356 +READ\-ONLY COMPATIBLE   no
      357 +DEPENDENCIES    none
      358 +.TE
      359 +
      360 +This feature enables the use of the Edon-R hash algorithm for checksum
      361 +and dedup. Edon-R is a very high-performance hash algorithm that was part
      362 +of the NIST SHA-3 competition. It provides extremely high hash
      363 +performance (over 350% faster than SHA-256), but was not selected
      364 +because of its unsuitability as a general purpose secure hash algorithm.
      365 +This implementation utilizes the new salted checksumming functionality
      366 +in ZFS, which means that the checksum is pre-seeded with a secret
      367 +256-bit random key (stored on the pool) before being fed the data block
      368 +to be checksummed. Thus the produced checksums are unique to a given
      369 +pool, blocking hash collision attacks on systems with dedup.
      370 +
      371 +When the \fBedonr\fR feature is set to \fBenabled\fR, the administrator
      372 +can turn on the \fBedonr\fR checksum on any dataset using the
      373 +\fBzfs\fR(1M) command. Please note that doing so will immediately
      374 +activate the \fBedonr\fR feature on the underlying pool (even before any
      375 +data is written). Since this feature is not read-only compatible, this
      376 +operation will render the pool unimportable on systems without support
      377 +for the \fBedonr\fR feature. At the moment, this operation cannot be
      378 +reversed. Booting off of pools using \fBedonr\fR is \fBNOT\fR supported
      379 +-- any attempt to enable \fBedonr\fR on a root pool will fail with an
      380 +error.
      381 +
 275  382  .SH "SEE ALSO"
 276  383  \fBzpool\fR(1M)
    
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX