Date: Wed, 13 Sep 2023 12:33:39 +0100 From: Frank Leonhardt <freebsd-doc@fjl.co.uk> To: questions@freebsd.org Subject: Re: Is ZFS native encryption safe to use? Message-ID: <5d265cdf-00df-fc80-638b-84b13f1cbbbf@fjl.co.uk> In-Reply-To: <6b741e03-732e-f1b8-6340-0a8897fb8235@gmx.at> References: <NcUuVT_--3-9@tutanota.com> <0e7d2657-f857-01a8-f764-33b9c62c11f1@netfence.it> <de460855-d2a8-3125-1b64-bf5052e1e6ea@gmx.at> <f286ee12-8688-9a16-2c5e-e11fda8334f7@heuristicsystems.com.au> <6b741e03-732e-f1b8-6340-0a8897fb8235@gmx.at>
next in thread | previous in thread | raw e-mail | index | archive | help
On 24/08/2023 13:08, infoomatic wrote: > On 24.08.23 00:43, Dewayne wrote: >> Thx for the performance hint. Were you using the same cipher on each? > > Yes, I have tried various combinations, but the difference was so huge > that I did not let the benchmarks finish cause I felt it was wasted time > and resources! > > >> On 23/08/2023 5:34 pm, infoomatic wrote: >>> last time (when 13.0 was released) I compared them: >>> >>> *) GELI + normal zfs was significantly faster than encrypted-zfs >>> *) encrypted zfs to share files between Linux and FreeBSD did not work >>> properly, resulting in Files non-readable on FreeBSD >>> Might be obvious, but I should make the point that if you use GELI to encrypt anything on FreeBSD, Linux won't be able to read it so it's just as much of a cross-platform problem as ZFS encryption not being portable. Another observation on the use cases - if you're backing up encrypted ZFS datasets the backups are encrypted; if you backup from GELI they will be clear unless you encrypt them again.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5d265cdf-00df-fc80-638b-84b13f1cbbbf>