List-Archive: https://lists.freebsd.org/archives/freebsd-security
From: grarpamp
Date: Wed, 23 Aug 2023 03:01:01 -0400
Subject: Re: Is ZFS native encryption safe to use?
To: freebsd-questions@freebsd.org
Cc: freebsd-security@freebsd.org

On 8/22/23, iio7@tutanota.com wrote:
> There seems to be a bit of open (and rather old) ZFS native encryption
> bugs which still haven't been fixed and it doesn't look like it is
> something that is being worked on.
>
> Last night I was going to move some important files from an unencrypted
> dataset to a new encrypted (ZFS native) one, but then got my doubts
> about doing that (looking at all the different open GitHub issues on
> OpenZFS).
>
> There exist some rumors about the original company which did the ZFS
> native encryption work (the person doing the work left the company),
> and they haven't done more since.
>
> What is the general experience running with ZFS native encryption on
> FreeBSD? Is it better to use GELI for the whole pool instead?

Neither GELI, nor the rest of the crypto subsystem, nor the kernel, nor userland... has ever undergone anything close to a real security audit, let alone an independent one, let alone been formally verified.

And agents, moles, malactors, bugs, and worse are running rampant across the entire computing spectrum... from fab, to shipping, to OS and crypto development, to magic packets, to telecom, to phones, to firmware, software, apps, and updates, BGP, your ISP, frontdoor, backdoor, back orifice, and more.

Your use of any crypto, on any operating system, on any hardware platform, on any network, is entirely at your own risk.

Still lots of fun yet to be had...

#OpenFabs, #OpenHW, #OpenAudit, #FormalVerification, #CryptoCrowdFunding, #OpenTrust, #GuerrillaNets, #P2PFiber, #GNURadioRF, #PrivacyCoins, #DropGangs, ...

--
https://www.youtube.com/watch?v=xWAwK2fHArc
https://www.youtube.com/watch?v=_U3lEc-IFr8
https://duckduckgo.com/?ia=videos&iax=videos&q=voluntaryism
https://odysee.com/@Anarchast:2
https://bitchute.com/ || https://rumble.com/
https://twitter.com/NameRedacted247
https://libertarianinstitute.org/books/voluntaryist-handbook/