[SERVER-58501] Disable WiredTiger checksums when using ESE AES-GCM Created: 13/Jul/21  Updated: 06/Dec/22

Status: Backlog
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Major - P3
Reporter: Spencer Jackson Assignee: Backlog - Security Team
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
depends on WT-7841 add "only unencrypted" checksum confi... Closed
Assigned Teams:
Server Security
Participants:

 Description   

WiredTiger spends a significant amount of CPU time generating and validating per-page checksums. When using encryption with integrity protections, these checksums are not required. We should disable checksums when operating in AES-GCM mode. This is expected to measurably improve the performance of disk I/O.

This work would depend on the ability for WiredTiger to provide limited checksums for its metadata



 Comments   
Comment by Keith Bostic (Inactive) [ 14/Jul/21 ]

For the record, WiredTiger does checksum the parts of the block that are not encrypted.

Generated at Thu Feb 08 05:44:41 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.