some ZFS questions

Scott Bennett bennett at
Tue Aug 26 07:10:26 UTC 2014

kpneal at wrote:
> On Sun, Aug 24, 2014 at 05:27:41AM -0500, Scott Bennett wrote:
> > kpneal at wrote:
> > > What's the harm in encrypting all the data?
> > 
> >      High CPU overhead for both reading and writing is the main downside.
> Does this matter? Is the workload going to be so high or so latency sensitive
> that the added encryption will matter?

     Most of the time, probably not much.  But in some cases, it will
(e.g., copying multigigabyte-long files into ZFS).
> This whole thread has been through a number of ways to keep the encrypted
> and unencrypted data apart, but they all have important downsides. My
> question to you is "Is the benefit of the data segregation worth the cost
> in time and trouble?"
     Some years ago in the days before "geli init" automatically created
metadata backups in /var/backups, I inadvertently wiped out the geli metadata
on a partition and thereby lost all of it.  Thank goodness I didn't have
everything in one partition.  I also had wiped the MBR, but did have the
original map and could recreate the MBR, so I was able to retrieve all of
the unencrypted data.  I was eventually able to recreate a moderate portion
of the encrypted data, but that took a *lot* of my time.  From time to time,
I do make stupid mistakes, so I try to protect myself as much as I can from
> > >
> > > In fact, encrypting all data is more secure. If you only encrypt the data
> > 
> >      Sure, but why do it if the data don't need to be secret?
> Because segregating the data out might be more trouble than it is worth.
> > > that is secret then you've just told an attacker exactly what data it is
> > > you want secret.
> > >
> >      Umm...I don't see that that necessarily follows, except in one case,
> > namely, when the attacker already knows what all of the data are.
> Not true. If you have only some data encrypted then an attacker knows that
> by definition you don't want that data examined. What the data is is less
> important initially than the fact that the secrecy of that data is important
> _to_ _you_.
> You don't have to know a secret to know that a secret exists.
     Encrypting *any* files tells an attacker that much, or at least that
there *might* be a secret.  For my purposes, that much is unimportant.

                                  Scott Bennett, Comm. ASMELG, CFIAG
* Internet:   bennett at   *xor*   bennett at  *
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *

More information about the freebsd-questions mailing list