Date: Mon, 25 Aug 2014 16:12:14 -0400
From: Daniel Staal <DStaal@usa.net>
To: freebsd-questions@freebsd.org
Subject: Re: some ZFS questions
Message-ID: <0C5CEDB044E788B85C2E0A0D@[192.168.1.50]>
In-Reply-To: <20140825182440.GA57059@slackbox.erewhon.home>
References: <201408070816.s778G9ug015988@sdf.org>
 <40AF5B49-80AF-4FE2-BA14-BFF86164EAA8@kraus-haus.org>
 <201408211007.s7LA7YGd002430@sdf.org>
 <20140822005911.GA52625@neutralgood.org>
 <201408241027.s7OARfEK004658@sdf.org>
 <53FB0AFD.6010507@cyberleo.net>
 <20140825182440.GA57059@slackbox.erewhon.home>

--As of August 25, 2014 8:24:40 PM +0200, Roland Smith is alleged to have said:

> On Mon, Aug 25, 2014 at 05:07:57AM -0500, CyberLeo Kitsana wrote:
>> On 08/24/2014 05:27 AM, Scott Bennett wrote:
>> > kpneal@pobox.com wrote:
>> >> What's the harm in encrypting all the data?
>> >
>> > High CPU overhead for both reading and writing is the main downside.
>>
>> AES-NI is fully supported for recent Intel CPUs, and can achieve some
>> pretty impressive throughputs.
>>
>> >> In fact, encrypting all data is more secure. If you only encrypt the
>> >> data
>> >
>> > Sure, but why do it if the data don't need to be secret?
>>
>> Because it takes 6-8 hours to erase a 3TB hard disk; and, if the disk
>> fails, you can't always erase it before sending it back for RMA
>> replacement.
>
> Are you following some kind of complex protocol? With a bog-standard 7.5k
> SATA drive on an Intel ICH9M controller I've measured write speeds (using
> “dd if=/dev/zero”) of 85500000 bytes/s. That would mean approximately
> 3.25 hours to wipe 3TB by filling it with zeroes.

--As for the rest, it is mine.

If he's in some sort of corporate environment there's probably a rule to use
two-pass erasure or something, based on the AFSSI-5020 (or similar) standard.
They don't care about probably: There's some lawyer or someone who wants to
be *sure*, and found that rule that says that is sure. ;) If single-pass
takes 3.25, two pass would be around 6.5 hours, right in the middle of that
time range.

At the very least, they'll have some rule on 'this at least must be done',
and even 3.25 hours is a lot more than 'oh, it's all encrypted, so we don't
have to wipe it'.

Daniel T. Staal

---------------------------------------------------------------
This email copyright the author. Unless otherwise noted, you
are expressly allowed to retransmit, quote, or otherwise use
the contents for non-commercial purposes. This copyright will
expire 5 years after the author's death, or in 30 years,
whichever is longer, unless such a period is in excess of
local copyright law.
---------------------------------------------------------------
