On Nov 16, 2010, at 2:03 PM, Rthoreau <r7h0...@att.net> wrote:

> Darren J Moffat <darr...@opensolaris.org> writes:
> 
>> On 11/15/10 19:36, David Magda wrote:
>> 
>>>> Using ZFS encryption support can be as easy as this:
>>>> 
>>>>      # zfs create -o encryption=on tank/darren
>>>>      Enter passphrase for 'tank/darren':
>>>>      Enter again:
>>> 
>> 
>> 
>>>  2. Both CCM and GCM modes of operation are supported: can you recommend
>>> which mode should be used when? I'm guessing it's best to accept the
>>> default if you're not sure, but what if we want to expand our knowledge?
>> 
>> You've preempted my next planned posting ;-)  But I'll attempt to give
>> an answer here:
>> 
>> 'on' maps to aes-128-ccm, because it is the fastest of the 6 available
>> modes of encryption currently provided.  Also I believe it is the
>> current wisdom of cryptographers (which I do not claim to be) that AES
>> 128 is the preferred key length due to recent discoveries about AES
>> 256 that are not known to impact AES 128.
>> 
>> Both CCM[1] and GCM[2] are provided so that if one turns out to have
>> flaws hopefully the other will still be available for use safely even
>> though they are roughly similar styles of modes.
>> 
>> On systems without hardware/cpu support for Galois multiplication
>> (Intel Westmere and later and SPARC T3 and later) GCM will be slower
>> because the Galois field multiplication has to happen in software
>> without any hardware/cpu assist.  However depending on your workload
>> you might not even notice the difference.
>> 
>> One reason you may want to select aes-128-gcm rather than aes-128-ccm
>> is that GCM is one of the modes for AES in NSA Suite B[3], but CCM is
>> not.
>> 
>> Are there symmetric algorithms other than AES that are of interest ?
>> The wrapping key algorithm currently matches the data encryption key
>> algorithm, is there interest in providing different wrapping key
>> algorithms and configuration properties for selecting which one ?  For
>> example doing key wrapping with an RSA keypair/certificate ?
>> 
>> [1] http://en.wikipedia.org/wiki/CCM_mode
>> [2] http://en.wikipedia.org/wiki/Galois/Counter_Mode
>> [3] http://en.wikipedia.org/wiki/NSA_Suite_B_Cryptography
> 
> I appreciate all the hard work the ZFS team and yourself have done to
> make this happen. I think a lot of people are going to give this a try
> but I noticed that one of the license restrictions was not to run
> benchmarks without prior permission from Oracle.

This is industry standard fare. Sun had similar restrictions.

>  Is Oracle going to
> post some benchmarks that might give people an idea of the performance
> using the various key lengths? Or even the performance benefit of using
> the newer processors with hardware support?

Good question...

> I think a few graphs and testing procedures would be great; this might be
> an opportunity to convince people of the benefit of using SPARC and Oracle
> hardware while at the same time giving people a basic idea what it could
> do for them on their own systems. I would also go as far as saying that
> some people would not even know how to set up a baseline to get
> comparative test results while using encryption.
> 
> I could imagine a lot of people are curious about every aspect of
> performance and are thinking is ZFS encryption ready
> for production.

Does Oracle "support" Solaris 11 Express in production systems?

> I just think that some people might need that little
> extra nudge that a few graphs and tests would provide. If it happens to
> also come with a few good practices you could save a lot of people some
> time and heartache as I am sure people are desirous to see the results.

I think people are putting encryption in their apps directly (eg Oracle's 
Transparent Data Encryption feature)
 -- richard

> 
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
