some ZFS questions

Daniel Staal DStaal at usa.net
Mon Aug 25 20:12:22 UTC 2014


--As of August 25, 2014 8:24:40 PM +0200, Roland Smith is alleged to have 
said:

> On Mon, Aug 25, 2014 at 05:07:57AM -0500, CyberLeo Kitsana wrote:
>> On 08/24/2014 05:27 AM, Scott Bennett wrote:
>> > kpneal at pobox.com wrote:
>> >> What's the harm in encrypting all the data?
>> >
>> > High CPU overhead for both reading and writing is the main downside.
>>
>> AES-NI is fully supported for recent Intel CPUs, and can achieve some
>> pretty impressive throughputs.
>>
>> >>
>> >> In fact, encrypting all data is more secure. If you only encrypt the
>> >> data
>> >
>> > Sure, but why do it if the data don't need to be secret?
>>
>> Because it takes 6-8 hours to erase a 3TB hard disk; and, if the disk
>> fails, you can't always erase it before sending it back for RMA
>> replacement.
>
> Are you following some kind of complex protocol? With a bog-standard 7.5k
> SATA drive on an Intel ICH9M controller I've measured write speeds (using
> “dd if=/dev/zero”) of 85500000 bytes/s. That would mean approximately
> 3.25 hours to wipe 3TB by filling it with zeroes.

--As for the rest, it is mine.

If he's in some sort of corporate environment there's probably a rule to 
use two-pass erasure or something, based on the AFSSI-5020 (or similar) 
standard.  They don't care about probably: There's some lawyer or someone 
who wants to be *sure*, and found that rule that says that is sure.  ;)  If 
single-pass takes 3.25, two pass would be around 6.5 hours, right in the 
middle of that time range.

At the very least, they'll have some rule on 'this at least must be done', 
and even 3.25 hours is a lot more than 'oh, it's all encrypted, so we don't 
have to wipe it'.

Daniel T. Staal

---------------------------------------------------------------
This email copyright the author.  Unless otherwise noted, you
are expressly allowed to retransmit, quote, or otherwise use
the contents for non-commercial purposes.  This copyright will
expire 5 years after the author's death, or in 30 years,
whichever is longer, unless such a period is in excess of
local copyright law.
---------------------------------------------------------------

