Date: Tue, 21 Aug 2018 20:26:50 -0700 From: Matthew Macy <mmacy@freebsd.org> To: Alan Somers <asomers@freebsd.org> Cc: FreeBSD CURRENT <freebsd-current@freebsd.org>, Sean Fagan <sef@ixsystems.com>, freebsd-fs <freebsd-fs@freebsd.org> Subject: Re: Native Encryption for ZFS on FreeBSD CFT Message-ID: <CAPrugNpbAfd2pM1w5-GrdfaWPMr4UURa29zUPwOJyHNrpO341g@mail.gmail.com> In-Reply-To: <CAOtMX2gvtzKg=DJChZdcYCiuADNVm9JvhgLNJ7bmwCLArgigjw@mail.gmail.com> References: <CAPrugNomNQQUZZNgngYRjDEVEU=_KbE2pgG4ajO1Jr4%2BGov2gQ@mail.gmail.com> <CAPrugNpKOYe9VS6Q-Q43t4i51qsxrP0SKW76208rtX-ENWxS5g@mail.gmail.com> <CAOtMX2jGQWm9ZFM_0kqvEt41xrm%2BFTpq6JVK4iK-c20NQjisRg@mail.gmail.com> <AD1101E9-9A3E-41CB-B313-1723123C607B@ixsystems.com> <CAOtMX2gvtzKg=DJChZdcYCiuADNVm9JvhgLNJ7bmwCLArgigjw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Aug 21, 2018 at 20:22 Alan Somers <asomers@freebsd.org> wrote: > On Tue, Aug 21, 2018 at 9:13 PM Sean Fagan <sef@ixsystems.com> wrote: > >> On Aug 21, 2018, at 8:11 PM, Alan Somers <asomers@freebsd.org> wrote: >> > The last time I looked (which was a long time ago), Oracle's ZFS >> encryption looked extremely vulnerable to watermarking attacks. Did >> anybody ever fix that? >> >> This isn=E2=80=99t Oracle=E2=80=99s implementation, but I don=E2=80=99t = know how compatible or >> not it is with it. >> >> Sean. >> > > It wasn't just an implementation problem, it was in the design. IIRC, > Oracle's encryption allowed encrypted blocks to be deduplicated. There's > pretty much no way to defend against watermarking attacks with such a > design. Does the new encryption design have the same flaw? > I would ask the original developer that question (see the commit I linked to). The current dedup Implementation is terrible, so there are very few users of it. -M > > -Alan >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAPrugNpbAfd2pM1w5-GrdfaWPMr4UURa29zUPwOJyHNrpO341g>