Native Encryption for ZFS on FreeBSD CFT
Matthew Macy
mmacy at freebsd.org
Wed Aug 22 03:27:02 UTC 2018
On Tue, Aug 21, 2018 at 20:22 Alan Somers <asomers at freebsd.org> wrote:
> On Tue, Aug 21, 2018 at 9:13 PM Sean Fagan <sef at ixsystems.com> wrote:
>
>> On Aug 21, 2018, at 8:11 PM, Alan Somers <asomers at freebsd.org> wrote:
>> > The last time I looked (which was a long time ago), Oracle's ZFS
>> encryption looked extremely vulnerable to watermarking attacks. Did
>> anybody ever fix that?
>>
>> This isn’t Oracle’s implementation, but I don’t know how compatible or
>> not it is with it.
>>
>> Sean.
>>
>
> It wasn't just an implementation problem, it was in the design. IIRC,
> Oracle's encryption allowed encrypted blocks to be deduplicated. There's
> pretty much no way to defend against watermarking attacks with such a
> design. Does the new encryption design have the same flaw?
>
I would ask the original developer that question (see the commit I linked
to). The current dedup Implementation is terrible, so there are very few
users of it.
-M
>
> -Alan
>
More information about the freebsd-fs
mailing list