[SERVER-58501] Disable WiredTiger checksums when using ESE AES-GCM

Created: 13/Jul/21 | Updated: 06/Dec/22

| Status: | Backlog |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Improvement |
| Priority: | Major - P3 |
| Reporter: | Spencer Jackson |
| Assignee: | Backlog - Security Team |
| Resolution: | Unresolved |
| Votes: | 0 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Assigned Teams: | Server Security |

Description

WiredTiger spends a significant amount of CPU time generating and validating per-page checksums. When using encryption with integrity protections, these checksums are not required. We should disable checksums when operating in AES-GCM mode. This is expected to measurably improve the performance of disk I/O. This work would depend on the ability for WiredTiger to provide limited checksums for its metadata.

Comments

Comment by Keith Bostic (Inactive) [ 14/Jul/21 ]

For the record, WiredTiger does checksum the parts of the block that are not encrypted.
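
The split described in the ticket and the comment above, as an added example that is not MongoDB or WiredTiger code: the AES-GCM tag is the only integrity check on the encrypted payload, while a CRC still covers the unencrypted header. The block layout, the use of CRC32 (IEEE) and the names `NewGCM`, `SealBlock` and `OpenBlock` are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"hash/crc32"
)

// Constructed layout (not WiredTiger's): pageID(4) | CRC32(4) | nonce(12) | ciphertext | tag(16).
const hdrLen, nonceLen, minLen = 8, 12, 8 + 12 + 16
var ErrHeader = errors.New("plaintext header truncated or CRC mismatch")

func NewGCM(key []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}

// SealBlock checksums only the plaintext header; the payload gets no CRC, just the GCM tag.
func SealBlock(aead cipher.AEAD, pageID uint32, payload []byte) []byte {
	out := make([]byte, hdrLen+nonceLen, minLen+len(payload))
	binary.BigEndian.PutUint32(out, pageID)
	binary.BigEndian.PutUint32(out[4:], crc32.ChecksumIEEE(out[:4]))
	if _, err := rand.Read(out[hdrLen:]); err != nil {
		panic(err) // never encrypt without a fresh random nonce
	}
	return aead.Seal(out, out[hdrLen:], payload, nil)
}

// OpenBlock checks the header CRC; a failed GCM tag is the payload's corruption signal.
func OpenBlock(aead cipher.AEAD, block []byte) ([]byte, error) {
	if len(block) < minLen || crc32.ChecksumIEEE(block[:4]) != binary.BigEndian.Uint32(block[4:]) {
		return nil, ErrHeader
	}
	return aead.Open(nil, block[hdrLen:hdrLen+nonceLen], block[hdrLen+nonceLen:], nil)
}

func main() {
	aead, _ := NewGCM(make([]byte, 32)) // constructed all-zero demo key
	blk := SealBlock(aead, 7, []byte("constructed page payload"))
	blk[len(blk)-1] ^= 1 // bit flip inside the encrypted region
	fmt.Println(OpenBlock(aead, blk))
}
```

The header CRC is unkeyed, so it detects accidental corruption only; the GCM tag is what resists deliberate modification of the payload.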