From: Daniel Staal
To: freebsd-questions@freebsd.org
Date: Mon, 25 Aug 2014 16:12:14 -0400
Subject: Re: some ZFS questions

--As of August 25, 2014 8:24:40 PM +0200, Roland Smith is alleged to have
said:

> On Mon, Aug 25, 2014 at 05:07:57AM -0500, CyberLeo Kitsana wrote:
>> On 08/24/2014 05:27 AM, Scott Bennett wrote:
>> > kpneal@pobox.com wrote:
>> >> What's the harm in encrypting all the data?
>> >
>> > High CPU overhead for both reading and writing is the main downside.
>>
>> AES-NI is fully supported for recent Intel CPUs, and can achieve some
>> pretty impressive throughputs.
>>
>> >> In fact, encrypting all data is more secure. If you only encrypt the
>> >> data
>> >
>> > Sure, but why do it if the data don't need to be secret?
>>
>> Because it takes 6-8 hours to erase a 3TB hard disk; and, if the disk
>> fails, you can't always erase it before sending it back for RMA
>> replacement.
>
> Are you following some kind of complex protocol? With a bog-standard 7.5k
> SATA drive on an Intel ICH9M controller I've measured write speeds (using
> “dd if=/dev/zero”) of 85500000 bytes/s. That would mean approximately
> 3.25 hours to wipe 3TB by filling it with zeroes.

--As for the rest, it is mine.

If he's in some sort of corporate environment there's probably a rule to
use two-pass erasure or something, based on the AFSSI-5020 (or similar)
standard. They don't care about probably: There's some lawyer or someone
who wants to be *sure*, and found that rule that says that is sure. ;) If
single-pass takes 3.25, two pass would be around 6.5 hours, right in the
middle of that time range.

At the very least, they'll have some rule on 'this at least must be done',
and even 3.25 hours is a lot more than 'oh, it's all encrypted, so we don't
have to wipe it'.

Daniel T. Staal

---------------------------------------------------------------
This email copyright the author. Unless otherwise noted, you
are expressly allowed to retransmit, quote, or otherwise use
the contents for non-commercial purposes. This copyright will
expire 5 years after the author's death, or in 30 years,
whichever is longer, unless such a period is in excess of
local copyright law.
---------------------------------------------------------------