From owner-freebsd-questions@FreeBSD.ORG Sun Aug 24 10:27:43 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id ADE56FE3 for ; Sun, 24 Aug 2014 10:27:43 +0000 (UTC) Received: from sdf.lonestar.org (mx.sdf.org [192.94.73.24]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mx.sdf.org", Issuer "SDF.ORG" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 727123E81 for ; Sun, 24 Aug 2014 10:27:42 +0000 (UTC) Received: from sdf.org (IDENT:bennett@sdf.lonestar.org [192.94.73.15]) by sdf.lonestar.org (8.14.8/8.14.5) with ESMTP id s7OARfOM007153 (using TLSv1/SSLv3 with cipher DHE-RSA-AES256-GCM-SHA384 (256 bits) verified NO); Sun, 24 Aug 2014 10:27:42 GMT Received: (from bennett@localhost) by sdf.org (8.14.8/8.12.8/Submit) id s7OARfEK004658; Sun, 24 Aug 2014 05:27:41 -0500 (CDT) From: Scott Bennett Message-Id: <201408241027.s7OARfEK004658@sdf.org> Date: Sun, 24 Aug 2014 05:27:41 -0500 To: kpneal@pobox.com Subject: Re: some ZFS questions References: <201408070816.s778G9ug015988@sdf.org> <40AF5B49-80AF-4FE2-BA14-BFF86164EAA8@kraus-haus.org> <201408211007.s7LA7YGd002430@sdf.org> <20140822005911.GA52625@neutralgood.org> In-Reply-To: <20140822005911.GA52625@neutralgood.org> User-Agent: Heirloom mailx 12.4 7/29/08 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Cc: freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 24 Aug 2014 10:27:43 -0000 kpneal@pobox.com wrote: > What's the harm in encrypting all the data? High CPU overhead for both reading and writing is the main downside. > > In fact, encrypting all data is more secure. If you only encrypt the data Sure, but why do it if the data don't need to be secret? > that is secret then you've just told an attacker exactly what data it is > you want secret. > Umm...I don't see that that necessarily follows, except in one case, namely, when the attacker already knows what all of the data are. Scott Bennett, Comm. ASMELG, CFIAG ********************************************************************** * Internet: bennett at sdf.org *xor* bennett at freeshell.org * *--------------------------------------------------------------------* * "A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army." * * -- Gov. John Hancock, New York Journal, 28 January 1790 * **********************************************************************