Date: Mon, 25 Aug 2014 20:24:40 +0200 From: Roland Smith <rsmith@xs4all.nl> To: CyberLeo Kitsana <cyberleo@cyberleo.net> Cc: Scott Bennett <bennett@sdf.org>, freebsd-questions@freebsd.org, kpneal@pobox.com Subject: Re: some ZFS questions Message-ID: <20140825182440.GA57059@slackbox.erewhon.home> In-Reply-To: <53FB0AFD.6010507@cyberleo.net> References: <201408070816.s778G9ug015988@sdf.org> <40AF5B49-80AF-4FE2-BA14-BFF86164EAA8@kraus-haus.org> <201408211007.s7LA7YGd002430@sdf.org> <20140822005911.GA52625@neutralgood.org> <201408241027.s7OARfEK004658@sdf.org> <53FB0AFD.6010507@cyberleo.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--a8Wt8u1KmwUX3Y2C
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Mon, Aug 25, 2014 at 05:07:57AM -0500, CyberLeo Kitsana wrote:
> On 08/24/2014 05:27 AM, Scott Bennett wrote:
> > kpneal@pobox.com wrote:
> >> What's the harm in encrypting all the data?
> >
> > High CPU overhead for both reading and writing is the main downside.
>
> AES-NI is fully supported for recent Intel CPUs, and can achieve some
> pretty impressive throughputs.
>
> >>
> >> In fact, encrypting all data is more secure. If you only encrypt the d=
ata
> >
> > Sure, but why do it if the data don't need to be secret?
>
> Because it takes 6-8 hours to erase a 3TB hard disk; and, if the disk
> fails, you can't always erase it before sending it back for RMA replaceme=
nt.
Are you following some kind of complex protocol? With a bog-standard 7.5k S=
ATA
drive on an Intel ICH9M controller I've measured write speeds (using =E2=80=
=9Cdd if=3D/dev/zero=E2=80=9D)
of 85500000 bytes/s. That would mean approximately 3.25 hours to wipe 3TB by
filling it with zeroes.
With modern drives the data density is so high that it is almost impossible=
to
retrieve single overwritten bits, let alone bytes or files if the complete
disks was filled with zeroes. And this includes the situation where a magne=
tic
force microscopy (=E2=80=9CMFM=E2=80=9D) is used. [1][2]
Also see the "Further Epilogue" to Gutmann's original article (see [2], scr=
oll
to the end);
Any modern drive will most likely be a hopeless task, what with ultra-h=
igh
densities and use of perpendicular recording I don't see how MFM would =
even
get a usable image, and then the use of EPRML will mean that even if yo=
u could
magically transfer some sort of image into a file, the ability to decod=
e that
to recover the original data would be quite challenging.
[1]: http://vocaro.com/trevor/blog/2006/09/18/the-myth-of-the-gutmann-metho=
d/comment-page-1/#comment-156068
[2]: https://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
If some government agency want access to your data they can probably find an
excuse to subpeona your backup tapes rather than futz around trying to reco=
ver
erased data.
Roland
--=20
R.F.Smith http://rsmith.home.xs4all.nl/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 5753 3324 1661 B0FE 8D93 FCED 40F6 D5DC A38A 33E0 (keyID: A38A33E0)
--a8Wt8u1KmwUX3Y2C
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBAgAGBQJT+39oAAoJEED21dyjijPgU2gP/AggY1Xw7mXM+ic/vkoLZvK/
zJeBhtG6El+HB6/3xsg+pzVowUl5DAKebNsCIxOfEjV2Ln9SwuUJlDeh6SGE2c/C
8Eu8SRMHRaF8fvqca8d+q78LosNc645mr85OBgSYQ/2u1yKrijcpFydwYRo1igUV
XuqrSEVPm8yBS56lwW/kVvS8MPUJ/5QcEUgQTC9UB0yF+J5pG8gI5zcqrTzLkLD7
IDqiqqtk7XwlaJKpOwiKC6osHmrvmLcE/D9StLovFzzRjxolZcsnx390AfS2Rd5z
7z2FswBk2Y0RD6c5gsl++cjyS8HR2Kwb2pi0ocK7BTzMxYV6KY81f32fkIMtN3Rh
IXkQUk9bTDaxh2KYJ6XANzNDJqCMHrk/qAClaQ5aOiXtzL+nOux9R71bsrLmm97M
s5LcZ0vmHf0KccCIyFwJPQpAyGMu17AEF7aqHxwk+qbGsT2BovwPMbw2V87tHORS
e8gXLZlp8fbks89Z1vNbVBLrckzfcpM2PBwJqM5REiux1LTRKiDH075554RJSjuz
llWmUeKSiE6dPx5u2nhWUFDFVx5ybroO6rVy0hHYI3CEJ/SaHudGZys4V/A988V8
D4KrQQD3FmBkCS7KOMBRBI4LeUUzLGmrneFR6+le3CqdDBolEmJwZoFMWrXyr2f/
b7v+hxImjJIDafA/c298
=r8Mh
-----END PGP SIGNATURE-----
--a8Wt8u1KmwUX3Y2C--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20140825182440.GA57059>