[Cryptography] encrypting hard drives (was Re: Shredding a file on a flash-based file system?)
Dan McDonald
danmcd at kebe.com
Thu Jun 19 18:05:20 EDT 2014
On Thu, Jun 19, 2014 at 05:27:53PM -0400, grarpamp wrote:
> And as in the design papers/blogs, Oracle ZFS seems to have some
> data that is not encrypted that arguably should be.
> https://blogs.oracle.com/darren/entry/zfs_encryption_what_is_on
That blog is 3.5 years old. I think things have likely improved since then.
> > And let me state for people wondering, "Why isn't it in OpenZFS already?"
>
> In the OpenZFS world, you deploy each OS's FDE underneath ZFS.
For now, yes. That's what you're stuck with.
> OpenZFS will likely add native encryption feature flag someday to
> satiate those who want per dataset keying, etc... but, thanks to Oracle,
> anything post zfs28/zpool5 might not end up interoperating.
>From what I can tell (and yes, I *am* biased...) only a few in OpenZFS-land
gives a rat's ass about interoperating with the Lawnmower.
Until somebody holds a big contract over someone's head, though, it won't get
done. It pains me, but I do understand why.
Dan
More information about the cryptography
mailing list