Date: Mon, 25 Aug 2014 16:12:14 -0400
From: Daniel Staal <DStaal@usa.net>
To: freebsd-questions@freebsd.org
Subject: Re: some ZFS questions
Message-ID: <0C5CEDB044E788B85C2E0A0D@[192.168.1.50]>
In-Reply-To: <20140825182440.GA57059@slackbox.erewhon.home>
References: <201408070816.s778G9ug015988@sdf.org>
 <40AF5B49-80AF-4FE2-BA14-BFF86164EAA8@kraus-haus.org>
 <201408211007.s7LA7YGd002430@sdf.org>
 <20140822005911.GA52625@neutralgood.org>
 <201408241027.s7OARfEK004658@sdf.org>
 <53FB0AFD.6010507@cyberleo.net>
 <20140825182440.GA57059@slackbox.erewhon.home>

--As of August 25, 2014 8:24:40 PM +0200, Roland Smith is alleged to have said:

> On Mon, Aug 25, 2014 at 05:07:57AM -0500, CyberLeo Kitsana wrote:
>> On 08/24/2014 05:27 AM, Scott Bennett wrote:
>> > kpneal@pobox.com wrote:
>> >> What's the harm in encrypting all the data?
>> >
>> > High CPU overhead for both reading and writing is the main downside.
>>
>> AES-NI is fully supported for recent Intel CPUs, and can achieve some
>> pretty impressive throughputs.
>>
>>
>>
>> >> In fact, encrypting all data is more secure. If you only encrypt the
>> >> data
>> >
>> > Sure, but why do it if the data don't need to be secret?
>>
>> Because it takes 6-8 hours to erase a 3TB hard disk; and, if the disk
>> fails, you can't always erase it before sending it back for RMA
>> replacement.
>
> Are you following some kind of complex protocol? With a bog-standard 7.5k
> SATA drive on an Intel ICH9M controller I've measured write speeds (using
> “dd if=/dev/zero”) of 85500000 bytes/s. That would mean approximately
> 3.25 hours to wipe 3TB by filling it with zeroes.

--As for the rest, it is mine.

If he's in some sort of corporate environment there's probably a rule to
use two-pass erasure or something, based on the AFSSI-5020 (or similar)
standard. They don't care about probably: There's some lawyer or someone
who wants to be *sure*, and found that rule that says that is sure. ;) If
single-pass takes 3.25, two pass would be around 6.5 hours, right in the
middle of that time range.

At the very least, they'll have some rule on 'this at least must be done',
and even 3.25 hours is a lot more than 'oh, it's all encrypted, so we don't
have to wipe it'.

Daniel T. Staal

---------------------------------------------------------------
This email copyright the author. Unless otherwise noted, you
are expressly allowed to retransmit, quote, or otherwise use
the contents for non-commercial purposes. This copyright will
expire 5 years after the author's death, or in 30 years,
whichever is longer, unless such a period is in excess of
local copyright law.
---------------------------------------------------------------