Date: Wed, 22 Aug 2018 12:46:51 -0700 From: Sean Fagan <sef@ixsystems.com> To: Alan Somers <asomers@freebsd.org> Cc: Matthew Macy <mmacy@freebsd.org>, FreeBSD CURRENT <freebsd-current@freebsd.org>, freebsd-fs <freebsd-fs@freebsd.org> Subject: Re: Native Encryption for ZFS on FreeBSD CFT Message-ID: <8C65E4ED-9AF3-4469-9C5A-BF058D50C3F5@ixsystems.com> In-Reply-To: <CAOtMX2jaPZj1pQj2f_pzBFXCo6G2ksZ0=mQxCX0MxXnSJpEVuA@mail.gmail.com> References: <CAPrugNomNQQUZZNgngYRjDEVEU=_KbE2pgG4ajO1Jr4%2BGov2gQ@mail.gmail.com> <CAPrugNpKOYe9VS6Q-Q43t4i51qsxrP0SKW76208rtX-ENWxS5g@mail.gmail.com> <CAOtMX2jGQWm9ZFM_0kqvEt41xrm%2BFTpq6JVK4iK-c20NQjisRg@mail.gmail.com> <AD1101E9-9A3E-41CB-B313-1723123C607B@ixsystems.com> <CAOtMX2gvtzKg=DJChZdcYCiuADNVm9JvhgLNJ7bmwCLArgigjw@mail.gmail.com> <9FDF249A-E320-4652-834E-7EEC5C4FB7CA@ixsystems.com> <CAOtMX2iMuLWEQV68MTcvpURacXB5wZMT8yAYySisOfnmCNn=SA@mail.gmail.com> <E415D5A9-DBEE-45DC-9AE2-7E50A74B8C2D@ixsystems.com> <CAOtMX2jaPZj1pQj2f_pzBFXCo6G2ksZ0=mQxCX0MxXnSJpEVuA@mail.gmail.com>
index | next in thread | previous in thread | raw e-mail
On Aug 22, 2018, at 12:35 PM, Alan Somers <asomers@freebsd.org> wrote: > Only encrypting L0 blocks also leaks a lot of information. That means that, if encryption is set to anything but "off", watermarking attacks will still be possible based on the size and sparsity of a file. Because I believe that with any encryption mode, ZFS turns continuous runs of zeros into holes. And I don't see anything in zio_crypt.c that addresses that. I’m not sure about that. However, with compression=off, dd if=/dev/zero of=bigfile bs=1m count=1024 results in a file that is 1565148 blocks (of 128k bytes), which supports your statement. With compression=on, it creates a 1 block file. Sean.help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8C65E4ED-9AF3-4469-9C5A-BF058D50C3F5>