Date: Tue, 21 Aug 2018 21:11:36 -0600
From: Alan Somers <asomers@freebsd.org>
To: Matthew Macy <mmacy@freebsd.org>
Cc: FreeBSD CURRENT <freebsd-current@freebsd.org>, freebsd-fs <freebsd-fs@freebsd.org>, Sean Fagan <sef@ixsystems.com>
Subject: Re: Native Encryption for ZFS on FreeBSD CFT
Message-ID: <CAOtMX2jGQWm9ZFM_0kqvEt41xrm%2BFTpq6JVK4iK-c20NQjisRg@mail.gmail.com>
In-Reply-To: <CAPrugNpKOYe9VS6Q-Q43t4i51qsxrP0SKW76208rtX-ENWxS5g@mail.gmail.com>
References: <CAPrugNomNQQUZZNgngYRjDEVEU=_KbE2pgG4ajO1Jr4%2BGov2gQ@mail.gmail.com> <CAPrugNpKOYe9VS6Q-Q43t4i51qsxrP0SKW76208rtX-ENWxS5g@mail.gmail.com>

The last time I looked (which was a long time ago), Oracle's ZFS encryption
looked extremely vulnerable to watermarking attacks. Did anybody ever fix
that?
-Alan

On Tue, Aug 21, 2018 at 8:28 PM Matthew Macy <mmacy@freebsd.org> wrote:

> On Tue, Aug 21, 2018 at 6:55 PM Matthew Macy <mmacy@freebsd.org> wrote:
>
> > To anyone with an interest in native encryption in ZFS please test the
> > projects/zfs-crypto-merge-0820 branch in my freebsd repo:
> > https://github.com/mattmacy/networking.git
> >
>
> Oh and I neglected to state that this work is being supported by iX Systems
> and the tree is all built on work done by Sean Fagan at iX Systems. Please
> keep him in the loop on any problems encountered.
> Thanks.
>
> >
> > ( git clone https://github.com/mattmacy/networking.git -b projects/zfs-crypto-merge-0820 )
> >
> > The UI is quite close to the Oracle Solaris ZFS crypto with minor
> > differences for specifying key location.
> >
> > Please note that once a feature is enabled on a pool it can't be
> > disabled. This means that if you enable encryption support on a pool
> > you will never be able to import it in to a ZFS without encryption
> > support. For this reason I would strongly advise against using this on
> > any pool that can't be easily replaced until this change has made its
> > way in to HEAD after the freeze has been lifted.
> >
> > By way of background the original ZoL commit can be found at:
> >
> > https://github.com/zfsonlinux/zfs/pull/5769/commits/5aef9bedc801830264428c64cd2242d1b786fd49
> >
> > Thanks in advance.
> > -M
> >
> _______________________________________________
> freebsd-current@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org"