From owner-freebsd-hackers@FreeBSD.ORG Tue Sep 3 14:53:34 2013 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 24F52BD9 for ; Tue, 3 Sep 2013 14:53:34 +0000 (UTC) (envelope-from asomers@gmail.com) Received: from mail-qc0-x22b.google.com (mail-qc0-x22b.google.com [IPv6:2607:f8b0:400d:c01::22b]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id DA5122317 for ; Tue, 3 Sep 2013 14:53:33 +0000 (UTC) Received: by mail-qc0-f171.google.com with SMTP id n1so3107072qcw.2 for ; Tue, 03 Sep 2013 07:53:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type:content-transfer-encoding; bh=5GcDqogBsonxgUwPyzoQtV46rtdvrBz8mS3gFHYr8vI=; b=b2t2ShSKaG+yGGkGlnQwcKvuhPcoptzINlOovVOJtILaHk+2NSbx8LXlRLj3tyIAzt tszswJuEk+W0f08cJeEkP3DuD5uOokvdJWxU7Sw2iBazzMIaZXH9sW8SF389ym3y/nNG oTPtdd1V1SkVR+PC4we/pmPhq1wrIN1XFY7qTc7hLjF/OKRHJEm7QQD1NFKPzoj3mf8+ 1z4W7XYaJfml4XpVy9hbTWWrc3nhx+hRKAHSVYygqdRlm9PUxJHT55Il8hIWHH2sMgZF 3a0FVIV/5S6qZHn8bmCAGePUCK0is7xZuLRrjsG1czxBc8FvV+N3TsDjBHkZyUUKots7 URzA== MIME-Version: 1.0 X-Received: by 10.224.122.195 with SMTP id m3mr1364739qar.9.1378220012936; Tue, 03 Sep 2013 07:53:32 -0700 (PDT) Sender: asomers@gmail.com Received: by 10.49.39.101 with HTTP; Tue, 3 Sep 2013 07:53:32 -0700 (PDT) In-Reply-To: <5225D49B.2080807@peterschmitt.fr> References: <226721378210462@web15j.yandex.ru> <5225D49B.2080807@peterschmitt.fr> Date: Tue, 3 Sep 2013 08:53:32 -0600 X-Google-Sender-Auth: y92iJ1ToW6OAs5rXQu62t_nLHbM Message-ID: Subject: Re: Zfs encryption property for freebsd 8.3 From: Alan Somers To: Florent Peterschmitt Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: freebsd-hackers@freebsd.org X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Sep 2013 14:53:34 -0000 On Tue, Sep 3, 2013 at 6:22 AM, Florent Peterschmitt wrote: > Le 03/09/2013 14:14, Emre =C7amalan a =E9crit : >> Hi, >> I want to encrypt some disk on my server with Zfs encryption property bu= t it is not available. > > "That would require ZFS v30. As far as I am aware Oracle has not > released the code under CDDL." Oracle's ZFS encryption is crap anyway. It works at the filesystem level, not the pool level, so a lot of metadata is in plaintext; I don't remember how much exactly. It's also highly vulnerable to watermarking attacks. > > From http://forums.freebsd.org/showthread.php?t=3D30036 > > So you can use ZFS pools on GELI volumes, it can be a good start. I not > play with it. GELI is full-disk encryption. It's far superior to ZFS encryption. > > -- > Florent Peterschmitt | Please: > florent@peterschmitt.fr | * Avoid HTML/RTF in E-mail. > +33 (0)6 64 33 97 92 | * Send PDF for documents. > http://florent.peterschmitt.fr | * Trim your quotations. Really. > Proudly powered by Open Source | Thank you :) >