Fwd: [cryptography] [Cryptography] encrypting hard drives (was Re: Shredding a file on a flash-based file system?)
coderman
coderman@gmail.com
Fri Jun 20 22:35:59 PDT 2014
---------- Forwarded message ----------
From: grarpamp <grarpamp@gmail.com>
Date: Thu, Jun 19, 2014 at 2:27 PM
Subject: Re: [cryptography] [Cryptography] encrypting hard drives (was
Re: Shredding a file on a flash-based file system?)
On Thu, Jun 19, 2014 at 4:18 PM, Dan McDonald <danmcd@kebe.com> wrote:
> ZFS crypto, closed-source thanks to Oracle, was supposed to address this
> problem. Its design was to apply crypto in the "ZIO" path, like it does for
> checksums. I've not used Oracle Solaris, but apparently ZFS crypto is in
> there and it supposedly works.
And as in the design papers/blogs, Oracle ZFS seems to have some
data that is not encrypted that arguably should be.
https://blogs.oracle.com/darren/entry/zfs_encryption_what_is_on
> And let me state for people wondering, "Why isn't it in OpenZFS already?"
In the OpenZFS world, you deploy each OS's FDE underneath ZFS.
OpenZFS will likely add native encryption feature flag someday to
satiate those who want per dataset keying, etc... but, thanks to Oracle,
anything post zfs28/zpool5 might not end up interoperating.
https://en.wikipedia.org/wiki/ZFS
http://www.open-zfs.org/
More information about the cypherpunks
mailing list