From owner-freebsd-current@FreeBSD.ORG Mon Aug 27 10:48:11 2007 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2001E16A41B for ; Mon, 27 Aug 2007 10:48:11 +0000 (UTC) (envelope-from cptsalek@gmail.com) Received: from mu-out-0910.google.com (mu-out-0910.google.com [209.85.134.186]) by mx1.freebsd.org (Postfix) with ESMTP id A6F4213C467 for ; Mon, 27 Aug 2007 10:48:10 +0000 (UTC) (envelope-from cptsalek@gmail.com) Received: by mu-out-0910.google.com with SMTP id w9so2028794mue for ; Mon, 27 Aug 2007 03:48:09 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:user-agent:mime-version:to:subject:content-type:content-transfer-encoding; b=fm/1xXOxnzxJfqFtw/9QURPRhLUX3HMA+KbGhbZ5BGMCecc23DFpP/jAMvt9yLcnKl7+46MGBHF/WWpEQoFV8xwog3KEH/VDCMTRNL91D0xcsG3JFyidQhk7AaLJspY2a44xjwXPPnQjVFlc9EFjC0XTOWOpunr07WbxlYRQQoU= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:user-agent:mime-version:to:subject:content-type:content-transfer-encoding; b=BqX9wCvR6KNX6vaZKz6uFl6mZqInTZsZjdeJX6bF38UzllHfH8hDm+k2qFmrkl5/LJEcebxBo6BdmmI4gkgzVrCOfvfSwC4MoJpp9FUqQ4gDzArtPBOq0D637iKDKlk0W1rMcq28xt6VyHS/95LzV3iP6TdyCh3B6sNlIumi278= Received: by 10.86.57.9 with SMTP id f9mr4832570fga.1188211688858; Mon, 27 Aug 2007 03:48:08 -0700 (PDT) Received: from fairy.alashan.de ( [79.196.52.140]) by mx.google.com with ESMTPS id k29sm3900348fkk.2007.08.27.03.48.07 (version=TLSv1/SSLv3 cipher=RC4-MD5); Mon, 27 Aug 2007 03:48:08 -0700 (PDT) Message-ID: <46D2C812.8090106@gmail.com> Date: Mon, 27 Aug 2007 12:48:18 +0000 From: Christian Walther User-Agent: Thunderbird 2.0.0.6 (X11/20070826) MIME-Version: 1.0 To: freebsd-current@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Encrypted zfs? X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 27 Aug 2007 10:48:11 -0000 Hello list, I'm currently using a zraid consisting of three drives. Lately I wonder what the best way would be to encrypt it. I read the chapter dealing with disk encryption in the handbook, and decided to use GELI. Is there anyone here on the list who has some experiences with ZFS on encrypted GELI devices? Are there some performance specs around? And what is even more important: What is the best of moving the zraid to encrypted devices? I can't remove one of the disks because they are in use. So I figure one way would be to buy another disk, set up encryption and add it to the pool. I could then remove one disk after the other, encrypt it, remove the (now broken one) from the zpool, and add the newly encrypted device. Since buying disks costs money I wonder how save it would be to follow this procedure without adding a new disk. From my point of view I'll loose redundancy as soon as I remove one of the three disks. But is there another problem or something dangerous I don't see her? Regards Christian