Native Encryption for ZFS on FreeBSD CFT
Sean Fagan
sef at ixsystems.com
Wed Aug 22 19:46:55 UTC 2018
On Aug 22, 2018, at 12:35 PM, Alan Somers <asomers at freebsd.org> wrote:
> Only encrypting L0 blocks also leaks a lot of information. That means that, if encryption is set to anything but "off", watermarking attacks will still be possible based on the size and sparsity of a file. Because I believe that with any encryption mode, ZFS turns continuous runs of zeros into holes. And I don't see anything in zio_crypt.c that addresses that.
I’m not sure about that. However, with compression=off,
dd if=/dev/zero of=bigfile bs=1m count=1024
results in a file that is 1565148 blocks (of 128k bytes), which supports your statement.
With compression=on, it creates a 1 block file.
Sean.
More information about the freebsd-fs
mailing list