On 05/17/2016 09:17 PM, Thomas Caputi wrote:
> The last feature is the actual data and metadata encryption. All data
> in an encrypted dataset is stored encrypted on-disk. User-provided
> metadata is also encrypted, but metadata structures have been left
> plain so that scrubbing and resilvering still work without the keys
> loaded. Most of the design comes from this article
> (https://blogs.oracle.com/darren/entry/zfs_encryption_what_is_on).
> There are a few important distinctions, however. For instance, I store
> the encryption IV in the padding of blkptr_t instead of in its third
> DVA. I also have L2ARC encryption implemented, which Oracle did not
> have at the time.

Sorry for the noob question: what does this mean in plain English, from
a privacy standpoint?  What sort of information is leaked to an attacker
gaining possession of a powered-off drive containing these structures?

-- 
    Rudd-O
    http://rudd-o.com/

