Date: Thu, 29 Oct 2015 16:24:00 -0700 From: John-Mark Gurney <jmg@funkthat.com> To: Lyndon Nerenberg <lyndon@orthanc.ca> Cc: freebsd-current Current <freebsd-current@freebsd.org> Subject: Re: Depreciate and remove gbde Message-ID: <20151029232359.GQ65715@funkthat.com> In-Reply-To: <D06BBE98-3C1B-400E-8069-57FD37A6FF98@orthanc.ca> References: <6216.1445631619@critter.freebsd.dk> <201510241559.t9OFwsiF078038@fire.js.berklix.net> <20151024190611.GE65715@funkthat.com> <D06BBE98-3C1B-400E-8069-57FD37A6FF98@orthanc.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
Lyndon Nerenberg wrote this message on Mon, Oct 26, 2015 at 19:06 -0700:
> On Oct 24, 2015, at 12:06 PM, John-Mark Gurney <jmg@funkthat.com> wrote:
>
> > The thing I like most about encryption is that when I RMA a bad
> > drive, I don't have to worry about my data leaking if I am unable
> > to overwrite all the data...
>
> You are optimistic if you believe that. We ($WORK) factor the cost of DOA/warranty drives into our operational budget. They never get RMAed. We drill them when they die.
Being a personal user, and having close to a 10% RMA rate on recent
hard drives, that would be a bit costly...
I consider a HD defective if it's under waranty and it's performance
drops below 80% of new, i.e. 130MB/sec normal sequential write drops
below 100MB/sec..
The weekest point is the passphrase/passfile protecting the master
key... In my case, I use a random passfile for these drives... If
someone is able to break the passfile, or the AES-256 encryption, then
they must really want my data... It'd be easier, even for governments,
to do a black bag job than recover partial data (it's one drive of a
RAIDZ array)...
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20151029232359.GQ65715>