Date: Wed, 23 Aug 2023 03:02:25 +0200 (CEST)
From: iio7@tutanota.com
To: Freebsd Questions
Subject: Is ZFS native encryption safe to use?
List-Id: User questions
List-Archive: https://lists.freebsd.org/archives/freebsd-questions

There seem to be a number of open (and rather old) ZFS native encryption bugs which still haven't been fixed, and it doesn't look like it is something that is being worked on.

Last night I was going to move some important files from an unencrypted dataset to a new encrypted (ZFS native) one, but then I had my doubts about doing that (looking at all the different open GitHub issues on OpenZFS).

There exist some rumors about the original company which did the ZFS native encryption work (the person doing the work left the company), and they haven't done more since.

What is the general experience running with ZFS native encryption on FreeBSD? Is it better to use GELI for the whole pool instead?

Thanks.

Kind regards.