On 2018-08-21 23:16, Alan Somers wrote:
> On Tue, Aug 21, 2018 at 9:13 PM Sean Fagan <sef_at_ixsystems.com> wrote:
>
>> On Aug 21, 2018, at 8:11 PM, Alan Somers <asomers_at_freebsd.org> wrote:
>>> The last time I looked (which was a long time ago), Oracle's ZFS
>>> encryption looked extremely vulnerable to watermarking attacks. Did
>>> anybody ever fix that?
>>
>> This isn’t Oracle’s implementation, but I don’t know how compatible or not
>> it is with it.
>>
>> Sean.
>>
>
> It wasn't just an implementation problem, it was in the design. IIRC,
> Oracle's encryption allowed encrypted blocks to be deduplicated. There's
> pretty much no way to defend against watermarking attacks with such a
> design. Does the new encryption design have the same flaw?
>
> -Alan

There is a presentation from the OpenZFS developers summit that walks
through the design. It is not the same as the Oracle version, although
relatively similar.

Video: https://youtu.be/frnLiXclAMo
Slides: https://drive.google.com/file/d/0B5hUzsxe4cdmU3ZTRXNxa2JIaDQ/view?usp=sharing

It says dedup only works within the same 'clone family', and uses a
unique IV for every block, except when the data is identical (when it
gets deduped).

It isn't clear to me from the presentation if this issue is mitigated or
not. Slide #26 suggests they have done more than Oracle did.

-- 
Allan Jude
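The trade-off discussed in this thread, as an added example that is not part of the original messages and is not OpenZFS or Oracle code: it compares a random per-block IV with an IV that repeats only when the data is identical, and shows what an observer of raw ciphertext learns in each case. Assumptions: the repeating IV is modelled as a keyed MAC of the plaintext, a "clone family" is modelled as its own key pair, and a SHA-256 counter keystream stands in for the real cipher.

```python
import hashlib
import hmac
import os

BLOCK = 4096  # constructed block size for the demo


def keystream(key: bytes, iv: bytes, n: int) -> bytes:
    """SHA-256 in counter mode: a stdlib stand-in for a real cipher, not AES."""
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(key + iv + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(out[:n])


def encrypt_block(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    ks = keystream(key, iv, len(plaintext))
    return iv + bytes(p ^ k for p, k in zip(plaintext, ks))


def random_iv(_family_key: bytes, _plaintext: bytes) -> bytes:
    """Unique IV per block: identical data never yields identical ciphertext."""
    return os.urandom(12)


def dedup_iv(family_key: bytes, plaintext: bytes) -> bytes:
    """Assumed dedup-friendly scheme: the IV is a keyed MAC of the plaintext."""
    return hmac.new(family_key, plaintext, hashlib.sha256).digest()[:12]


def equal_block_pairs(blocks):
    """What a reader of the raw disk learns: which stored blocks are equal."""
    return [(i, j) for i in range(len(blocks))
            for j in range(i + 1, len(blocks)) if blocks[i] == blocks[j]]


def store(blocks, key, family_key, iv_fn):
    return [encrypt_block(key, iv_fn(family_key, b), b) for b in blocks]


# Constructed sample data: blocks 0 and 2 hold the same plaintext.
DATA = [b"A" * BLOCK, b"B" * BLOCK, b"A" * BLOCK]
FAMILY_1 = (b"k" * 32, b"m" * 32)  # (encryption key, IV-MAC key), constructed
FAMILY_2 = (b"K" * 32, b"M" * 32)
```

Under these assumptions, equality of blocks is visible only inside one key family, which is the residual leak any design that deduplicates ciphertext has to accept.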
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:17 UTC