--read-data equivalence

aliron19 · April 14, 2019, 6:47pm

Hello,

Using restic v0.9.4 under Windows 10 Pro, with a repo stored on an external USB hard drive, if I check the repo it’s really fast (under 5 minutes), while adding --read-data it’s very slow (around 7 GBytes per hour).

However, as --read-data recursively checks the SHA-256 of every file in the data/ directory, and using an external tool to verify the SHA-256 of that directory is much faster (around 20 times faster) than running restic -r repo check --read-data, my question is, would these two operations be equivalent?:

Run restic -r repo check and then, verify (with an external tool) the SHA-256 of the files under data/
Run restic -r repo check --read-data

If not, what else is --read-data doing above a simple check and then SHA-256(data/)?

Thank you.

dionorgua · April 15, 2019, 7:24am

As far as I understand, --read-data doesn’t check for file_name == sha256(content) at all. Instead it actually tries to split that pack file to blobs, decrypt everything and compares decrypted blob hash with expected value from index.

So everything depends on how much you trust your machine (RAM, etc). If some memory corruption (or even some bug in restic itself) happens during backup, you may not detect it with just sha256sum.

At the same time if you just want to make sure that files were not corrupted after backup, it should be enough to use sha256sum.