Date: Mon, 25 Aug 2014 20:24:40 +0200 From: Roland Smith <rsmith@xs4all.nl> To: CyberLeo Kitsana <cyberleo@cyberleo.net> Cc: Scott Bennett <bennett@sdf.org>, freebsd-questions@freebsd.org, kpneal@pobox.com Subject: Re: some ZFS questions Message-ID: <20140825182440.GA57059@slackbox.erewhon.home> In-Reply-To: <53FB0AFD.6010507@cyberleo.net> References: <201408070816.s778G9ug015988@sdf.org> <40AF5B49-80AF-4FE2-BA14-BFF86164EAA8@kraus-haus.org> <201408211007.s7LA7YGd002430@sdf.org> <20140822005911.GA52625@neutralgood.org> <201408241027.s7OARfEK004658@sdf.org> <53FB0AFD.6010507@cyberleo.net>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --]
On Mon, Aug 25, 2014 at 05:07:57AM -0500, CyberLeo Kitsana wrote:
> On 08/24/2014 05:27 AM, Scott Bennett wrote:
> > kpneal@pobox.com wrote:
> >> What's the harm in encrypting all the data?
> >
> > High CPU overhead for both reading and writing is the main downside.
>
> AES-NI is fully supported for recent Intel CPUs, and can achieve some
> pretty impressive throughputs.
>
> >>
> >> In fact, encrypting all data is more secure. If you only encrypt the data
> >
> > Sure, but why do it if the data don't need to be secret?
>
> Because it takes 6-8 hours to erase a 3TB hard disk; and, if the disk
> fails, you can't always erase it before sending it back for RMA replacement.
Are you following some kind of complex protocol? With a bog-standard 7.5k SATA
drive on an Intel ICH9M controller I've measured write speeds (using “dd if=/dev/zero”)
of 85500000 bytes/s. That would mean approximately 3.25 hours to wipe 3TB by
filling it with zeroes.
With modern drives the data density is so high that it is almost impossible to
retrieve single overwritten bits, let alone bytes or files if the complete
disks was filled with zeroes. And this includes the situation where a magnetic
force microscopy (“MFM”) is used. [1][2]
Also see the "Further Epilogue" to Gutmann's original article (see [2], scroll
to the end);
Any modern drive will most likely be a hopeless task, what with ultra-high
densities and use of perpendicular recording I don't see how MFM would even
get a usable image, and then the use of EPRML will mean that even if you could
magically transfer some sort of image into a file, the ability to decode that
to recover the original data would be quite challenging.
[1]: http://vocaro.com/trevor/blog/2006/09/18/the-myth-of-the-gutmann-method/comment-page-1/#comment-156068
[2]: https://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
If some government agency want access to your data they can probably find an
excuse to subpeona your backup tapes rather than futz around trying to recover
erased data.
Roland
--
R.F.Smith http://rsmith.home.xs4all.nl/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 5753 3324 1661 B0FE 8D93 FCED 40F6 D5DC A38A 33E0 (keyID: A38A33E0)
[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBAgAGBQJT+39oAAoJEED21dyjijPgU2gP/AggY1Xw7mXM+ic/vkoLZvK/
zJeBhtG6El+HB6/3xsg+pzVowUl5DAKebNsCIxOfEjV2Ln9SwuUJlDeh6SGE2c/C
8Eu8SRMHRaF8fvqca8d+q78LosNc645mr85OBgSYQ/2u1yKrijcpFydwYRo1igUV
XuqrSEVPm8yBS56lwW/kVvS8MPUJ/5QcEUgQTC9UB0yF+J5pG8gI5zcqrTzLkLD7
IDqiqqtk7XwlaJKpOwiKC6osHmrvmLcE/D9StLovFzzRjxolZcsnx390AfS2Rd5z
7z2FswBk2Y0RD6c5gsl++cjyS8HR2Kwb2pi0ocK7BTzMxYV6KY81f32fkIMtN3Rh
IXkQUk9bTDaxh2KYJ6XANzNDJqCMHrk/qAClaQ5aOiXtzL+nOux9R71bsrLmm97M
s5LcZ0vmHf0KccCIyFwJPQpAyGMu17AEF7aqHxwk+qbGsT2BovwPMbw2V87tHORS
e8gXLZlp8fbks89Z1vNbVBLrckzfcpM2PBwJqM5REiux1LTRKiDH075554RJSjuz
llWmUeKSiE6dPx5u2nhWUFDFVx5ybroO6rVy0hHYI3CEJ/SaHudGZys4V/A988V8
D4KrQQD3FmBkCS7KOMBRBI4LeUUzLGmrneFR6+le3CqdDBolEmJwZoFMWrXyr2f/
b7v+hxImjJIDafA/c298
=r8Mh
-----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20140825182440.GA57059>