Native Encryption for ZFS on FreeBSD CFT
Alan Somers
asomers at freebsd.org
Wed Aug 22 03:22:45 UTC 2018
On Tue, Aug 21, 2018 at 9:13 PM Sean Fagan <sef at ixsystems.com> wrote:
> On Aug 21, 2018, at 8:11 PM, Alan Somers <asomers at freebsd.org> wrote:
> > The last time I looked (which was a long time ago), Oracle's ZFS
> encryption looked extremely vulnerable to watermarking attacks. Did
> anybody ever fix that?
>
> This isn’t Oracle’s implementation, but I don’t know how compatible or not
> it is with it.
>
> Sean.
>
It wasn't just an implementation problem, it was in the design. IIRC,
Oracle's encryption allowed encrypted blocks to be deduplicated. There's
pretty much no way to defend against watermarking attacks with such a
design. Does the new encryption design have the same flaw?
-Alan
More information about the freebsd-fs
mailing list