Date: Tue, 26 Aug 2014 02:10:21 -0500
From: Scott Bennett <bennett@sdf.org>
To: kpneal@pobox.com
Cc: freebsd-questions@freebsd.org
Subject: Re: some ZFS questions
Message-ID: <201408260710.s7Q7ALnc021359@sdf.org>
In-Reply-To: <20140825003000.GA4221@neutralgood.org>
References: <201408070816.s778G9ug015988@sdf.org> <40AF5B49-80AF-4FE2-BA14-BFF86164EAA8@kraus-haus.org> <201408211007.s7LA7YGd002430@sdf.org> <20140822005911.GA52625@neutralgood.org> <201408241027.s7OARfEK004658@sdf.org> <20140825003000.GA4221@neutralgood.org>

kpneal@pobox.com wrote:
> On Sun, Aug 24, 2014 at 05:27:41AM -0500, Scott Bennett wrote:
> > kpneal@pobox.com wrote:
> > > What's the harm in encrypting all the data?
> >
> > High CPU overhead for both reading and writing is the main downside.
>
> Does this matter? Is the workload going to be so high or so latency sensitive
> that the added encryption will matter?

Most of the time, probably not much. But in some cases, it will (e.g.,
copying multigigabyte-long files into ZFS).
>
> This whole thread has been through a number of ways to keep the encrypted
> and unencrypted data apart, but they all have important downsides. My
> question to you is "Is the benefit of the data segregation worth the cost
> in time and trouble?"
>
Some years ago in the days before "geli init" automatically created
metadata backups in /var/backups, I inadvertently wiped out the geli metadata
on a partition and thereby lost all of it. Thank goodness I didn't have
everything in one partition. I also had wiped the MBR, but did have the
original map and could recreate the MBR, so I was able to retrieve all of the
unencrypted data. I was eventually able to recreate a moderate portion of the
encrypted data, but that took a *lot* of my time. From time to time, I do make
stupid mistakes, so I try to protect myself as much as I can from them.
> > >
> > > In fact, encrypting all data is more secure. If you only encrypt the data
> >
> > Sure, but why do it if the data don't need to be secret?
>
> Because segregating the data out might be more trouble than it is worth.
>
> > > that is secret then you've just told an attacker exactly what data it is
> > > you want secret.
> > >
> > Umm...I don't see that that necessarily follows, except in one case,
> > namely, when the attacker already knows what all of the data are.
>
> Not true. If you have only some data encrypted then an attacker knows that
> by definition you don't want that data examined. What the data is is less
> important initially than the fact that the secrecy of that data is important
> _to_ _you_.
>
> You don't have to know a secret to know that a secret exists.
>
Encrypting *any* files tells an attacker that much, or at least that there
*might* be a secret. For my purposes, that much is unimportant.


                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:   bennett at sdf.org   *xor*   bennett at freeshell.org  *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************