-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 26/03/13 17:49, Jesus Cea wrote: > On 26/03/13 17:24, Dan McDonald wrote: >> All of those could, I suppose, lead to probable plaintext >> attacks in the worst case. > > Well, the mere existence of a "pool/porn" encrypted dataset with > 70.000 files on it, totalling 800GB, is an information disclusure.
A real example: my backup server. Knowing that a "pool/backups/daily/MACHINE" exists, how many files it contains, how many snapshots (and dates) are there, sizes, etc., is potentially risky. As I said, I understand the convenience (being able to scrub and resilver the zpool). I just point out something that makes me feel A BIT uncomfy, and that people using this should be aware of. So, yes, dataset encryption is something I want, but I want full disk encryption TOO. And that should be quite trivial. - -- Jesús Cea Avión _/_/ _/_/_/ _/_/_/ [email protected] - http://www.jcea.es/ _/_/ _/_/ _/_/ _/_/ _/_/ Twitter: @jcea _/_/ _/_/ _/_/_/_/_/ jabber / xmpp:[email protected] _/_/ _/_/ _/_/ _/_/ _/_/ "Things are not so easy" _/_/ _/_/ _/_/ _/_/ _/_/ _/_/ "My name is Dump, Core Dump" _/_/_/ _/_/_/ _/_/ _/_/ "El amor es poner tu felicidad en la felicidad de otro" - Leibniz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQCVAwUBUVHT2Jlgi5GaxT1NAQJ+BwP+KtbzSN9ihnIOAog74kJuizYGtlvS0Mir VPlM98e4p9K28/ZluybdQrBrQULCiQZHzdwQLUzazvFJlubEYTNUM9+DPP0F4KHj W7nUv7qTA3b/BUjQVt2XoQiovoLaL/GgMMBjYslqcjVgA1gMli7qI7jWZezOupHR 1k+35cmjyjM= =Qi7j -----END PGP SIGNATURE----- ------------------------------------------- illumos-discuss Archives: https://www.listbox.com/member/archive/182180/=now RSS Feed: https://www.listbox.com/member/archive/rss/182180/21175430-2e6923be Modify Your Subscription: https://www.listbox.com/member/?member_id=21175430&id_secret=21175430-6a77cda4 Powered by Listbox: http://www.listbox.com
