some ZFS questions
Scott Bennett
bennett at sdf.org
Tue Aug 26 07:10:26 UTC 2014
kpneal at pobox.com wrote:
> On Sun, Aug 24, 2014 at 05:27:41AM -0500, Scott Bennett wrote:
> > kpneal at pobox.com wrote:
> > > What's the harm in encrypting all the data?
> >
> > High CPU overhead for both reading and writing is the main downside.
>
> Does this matter? Is the workload going to be so high or so latency sensitive
> that the added encryption will matter?
Most of the time, probably not much. But in some cases, it will
(e.g., copying multigigabyte-long files into ZFS).
>
> This whole thread has been through a number of ways to keep the encrypted
> and unencrypted data apart, but they all have important downsides. My
> question to you is "Is the benefit of the data segregation worth the cost
> in time and trouble?"
>
Some years ago in the days before "geli init" automatically created
metadata backups in /var/backups, I inadvertently wiped out the geli metadata
on a partition and thereby lost all of it. Thank goodness I didn't have
everything in one partition. I also had wiped the MBR, but did have the
original map and could recreate the MBR, so I was able to retrieve all of
the unencrypted data. I was eventually able to recreate a moderate portion
of the encrypted data, but that took a *lot* of my time. From time to time,
I do make stupid mistakes, so I try to protect myself as much as I can from
them.
> > >
> > > In fact, encrypting all data is more secure. If you only encrypt the data
> >
> > Sure, but why do it if the data don't need to be secret?
>
> Because segregating the data out might be more trouble than it is worth.
>
> > > that is secret then you've just told an attacker exactly what data it is
> > > you want secret.
> > >
> > Umm...I don't see that that necessarily follows, except in one case,
> > namely, when the attacker already knows what all of the data are.
>
> Not true. If you have only some data encrypted then an attacker knows that
> by definition you don't want that data examined. What the data is is less
> important initially than the fact that the secrecy of that data is important
> _to_ _you_.
>
> You don't have to know a secret to know that a secret exists.
>
Encrypting *any* files tells an attacker that much, or at least that
there *might* be a secret. For my purposes, that much is unimportant.
Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet: bennett at sdf.org *xor* bennett at freeshell.org *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good *
* objection to the introduction of that bane of all free governments *
* -- a standing army." *
* -- Gov. John Hancock, New York Journal, 28 January 1790 *
**********************************************************************
More information about the freebsd-questions
mailing list