From owner-freebsd-questions@FreeBSD.ORG Tue Aug 26 07:10:25 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id CF7F92C5 for ; Tue, 26 Aug 2014 07:10:25 +0000 (UTC) Received: from sdf.lonestar.org (mx.sdf.org [192.94.73.24]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mx.sdf.org", Issuer "SDF.ORG" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id ACBE530B8 for ; Tue, 26 Aug 2014 07:10:25 +0000 (UTC) Received: from sdf.org (IDENT:bennett@sdf.lonestar.org [192.94.73.15]) by sdf.lonestar.org (8.14.8/8.14.5) with ESMTP id s7Q7ALoA006462 (using TLSv1/SSLv3 with cipher DHE-RSA-AES256-GCM-SHA384 (256 bits) verified NO); Tue, 26 Aug 2014 07:10:21 GMT Received: (from bennett@localhost) by sdf.org (8.14.8/8.12.8/Submit) id s7Q7ALnc021359; Tue, 26 Aug 2014 02:10:21 -0500 (CDT) From: Scott Bennett Message-Id: <201408260710.s7Q7ALnc021359@sdf.org> Date: Tue, 26 Aug 2014 02:10:21 -0500 To: kpneal@pobox.com Subject: Re: some ZFS questions References: <201408070816.s778G9ug015988@sdf.org> <40AF5B49-80AF-4FE2-BA14-BFF86164EAA8@kraus-haus.org> <201408211007.s7LA7YGd002430@sdf.org> <20140822005911.GA52625@neutralgood.org> <201408241027.s7OARfEK004658@sdf.org> <20140825003000.GA4221@neutralgood.org> In-Reply-To: <20140825003000.GA4221@neutralgood.org> User-Agent: Heirloom mailx 12.4 7/29/08 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Cc: freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 Aug 2014 07:10:26 -0000 kpneal@pobox.com wrote: > On Sun, Aug 24, 2014 at 05:27:41AM -0500, Scott Bennett wrote: > > kpneal@pobox.com wrote: > > > What's the harm in encrypting all the data? > > > > High CPU overhead for both reading and writing is the main downside. > > Does this matter? Is the workload going to be so high or so latency sensitive > that the added encryption will matter? Most of the time, probably not much. But in some cases, it will (e.g., copying multigigabyte-long files into ZFS). > > This whole thread has been through a number of ways to keep the encrypted > and unencrypted data apart, but they all have important downsides. My > question to you is "Is the benefit of the data segregation worth the cost > in time and trouble?" > Some years ago in the days before "geli init" automatically created metadata backups in /var/backups, I inadvertently wiped out the geli metadata on a partition and thereby lost all of it. Thank goodness I didn't have everything in one partition. I also had wiped the MBR, but did have the original map and could recreate the MBR, so I was able to retrieve all of the unencrypted data. I was eventually able to recreate a moderate portion of the encrypted data, but that took a *lot* of my time. From time to time, I do make stupid mistakes, so I try to protect myself as much as I can from them. > > > > > > In fact, encrypting all data is more secure. If you only encrypt the data > > > > Sure, but why do it if the data don't need to be secret? > > Because segregating the data out might be more trouble than it is worth. > > > > that is secret then you've just told an attacker exactly what data it is > > > you want secret. > > > > > Umm...I don't see that that necessarily follows, except in one case, > > namely, when the attacker already knows what all of the data are. > > Not true. If you have only some data encrypted then an attacker knows that > by definition you don't want that data examined. What the data is is less > important initially than the fact that the secrecy of that data is important > _to_ _you_. > > You don't have to know a secret to know that a secret exists. > Encrypting *any* files tells an attacker that much, or at least that there *might* be a secret. For my purposes, that much is unimportant. Scott Bennett, Comm. ASMELG, CFIAG ********************************************************************** * Internet: bennett at sdf.org *xor* bennett at freeshell.org * *--------------------------------------------------------------------* * "A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army." * * -- Gov. John Hancock, New York Journal, 28 January 1790 * **********************************************************************