Darren J Moffat <darr...@opensolaris.org> writes: > On 11/15/10 19:36, David Magda wrote: > >>> Using ZFS encryption support can be as easy as this: >>> >>> # zfs create -o encryption=on tank/darren >>> Enter passphrase for 'tank/darren': >>> Enter again: >> > > >> 2. Both CCM and GCM modes of operation are supported: can you recommended >> which mode should be used when? I'm guessing it's best to accept the >> default if you're not sure, but what if we want to expand our knowledge? > > You've preempted my next planned posting ;-) But I'll attempt to give > an answer here: > > 'on' maps to aes-128-ccm, because it is the fastest of the 6 available > modes of encryption currently provided. Also I believe it is the > current wisdom of cryptographers (which I do not claim to be) that AES > 128 is the preferred key length due to recent discoveries about AES > 256 that are not know to impact AES 128. > > Both CCM[1] and GCM[2] are provided so that if one turns out to have > flaws hopefully the other will still be available for use safely even > though they are roughly similar styles of modes. > > On systems without hardware/cpu support for Galios multiplication > (Intel Westmere and later and SPARC T3 and later) GCM will be slower > because the Galios field multiplication has to happen in software > without any hardware/cpu assist. However depending on your workload > you might not even notice the difference. > > One reason you may want to select aes-128-gcm rather than aes-128-ccm > is that GCM is one of the modes for AES in NSA Suite B[3], but CCM is > not. > > Are there symmetric algorithms other than AES that are of interest ? > The wrapping key algorithm currently matches the data encryption key > algorithm, is there interest in providing different wrapping key > algorithms and configuration properties for selecting which one ? For > example doing key wrapping with an RSA keypair/certificate ? > > [1] http://en.wikipedia.org/wiki/CCM_mode > [2] http://en.wikipedia.org/wiki/Galois/Counter_Mode > [3] http://en.wikipedia.org/wiki/NSA_Suite_B_Cryptography
I appreciate all the hard work the ZFS team and yourself have done to making this happen. I think a lot of people are going to give this a try but I noticed that one of the license restrictions was not to run benchmarks without prior permission from Oracle. Is Oracle going to post some benchmarks that might give people an idea of the performance using the various key lengths? Or even the performance benefit of using the newer processors with hardware support? I think a few graphs and testing procedures would be great this might be an opportunity to convince people the benefit of using sparc and Oracle hardware while at the same time giving people a basic idea what it could do for them on their own systems. I would also go as far as saying that some people would not even know how to setup a baseline to get comparative test results while using encryption. I could imagine a lot of people are curious about every aspect of performance and are thinking is ZFS encryption ready for production. I just think that some people might need that little extra nudge that a few graphs and test would provide. If it happens to also come with a few good practices you could save a lot of people some time and heart ache as I am sure people are desirous to see the results. Rthoreau _______________________________________________ zfs-discuss mailing list zfs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
