The last time I looked (which was a long time ago), Oracle's ZFS encryption looked extremely vulnerable to watermarking attacks. Did anybody ever fix that? -Alan On Tue, Aug 21, 2018 at 8:28 PM Matthew Macy <mmacy_at_freebsd.org> wrote: > On Tue, Aug 21, 2018 at 6:55 PM Matthew Macy <mmacy_at_freebsd.org> wrote: > > > To anyone with an interest in native encryption in ZFS please test the > > projects/zfs-crypto-merge-0820 branch in my freebsd repo: > > https://github.com/mattmacy/networking.git > > > > > Oh and I neglected to state that this work is being supported by iX Systems > and the tree is all built on work done by Sean Fagan at iX Systems. Please > keep him in the loop on any problems encountered. > Thanks. > > > > > ( git clone https://github.com/mattmacy/networking.git -b > > projects/zfs-crypto-merge-0820 ) > > > > The UI is quite close to the Oracle Solaris ZFS crypto with minor > > differences for specifying key location. > > > > Please note that once a feature is enabled on a pool it can't be > > disabled. This means that if you enable encryption support on a pool > > you will never be able to import it in to a ZFS without encryption > > support. For this reason I would strongly advise against using this on > > any pool that can't be easily replaced until this change has made its > > way in to HEAD after the freeze has been lifted. > > > > > > By way of background the original ZoL commit can be found at: > > > > > https://github.com/zfsonlinux/zfs/pull/5769/commits/5aef9bedc801830264428c64cd2242d1b786fd49 > > > > Thanks in advance. > > -M > > > _______________________________________________ > freebsd-current_at_freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to "freebsd-current-unsubscribe_at_freebsd.org" >Received on Wed Aug 22 2018 - 01:11:56 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:17 UTC