On 05/02/2010 21:46, Nicolas Williams wrote:
> On Fri, Feb 05, 2010 at 04:41:08PM -0500, Miles Nordin wrote:
>> "ch" == c hanover<chano...@umich.edu>  writes:
>>
>>      ch>  is there a way to a) securely destroy a filesystem,
>>
>> AIUI zfs crypto will include this, some day, by forgetting the key.
>
> Right.
>
>> but for SSD, zfs above a zvol, or zfs above a SAN that may do
>> snapshots without your consent, I think it's just logically not a
>> solvable problem, period, unless you have a writeable keystore
>> outside the vdev structure.
>
> IIRC ZFS crypto will store encrypted blocks in L2ARC and ZIL, so
> forgetting the key is sufficient to obtain a high degree of security.

Correct, the L2ARC and ZIL are encrypted - they have to be since they are stored on persistent storage media. The L2ARC is currently encrypted using a per pool ephemeral key, since the L2ARC is not persistent after pool export/reboot anyway. When the L2ARC moves to being persistent after pool export/reboot then it will be encrypted just the same as the dataset normally is. I have an RFE open that we may or may not implement in the future that would allow specifying whether the L2ARC is encrypted or not using the already existing secondarycache property. The only reason for considering that type of deployment is if the L2ARC is stored on media that is secured by other means to meet the deployment's threat model.

> ZFS crypto over zvols and what not presents no additional problems.
> However, if your passphrase is guessable then the key might be
> recoverable even after it's "forgotten".

Passphrases are transformed into AES wrapping keys using PKCS#5 PBE; there is a salt (taken from /dev/random) as well, so brute force shouldn't work. However, if the password is easily guessed then the wrapping key could be recovered, since while the salt is stored in a hidden property that can not be updated from zfs(1), it is visible if you explicitly ask for it.


--
Darren J Moffat
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
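
The passphrase point in the last reply above, as an added example that is not part of the original thread and not ZFS code: a salt makes every derived wrapping key unique, but with the salt readable a guessable passphrase can still be re-derived and confirmed. Assumptions: PBKDF2-HMAC-SHA1 with a demo iteration count, an HMAC check value standing in for the integrity check of a wrapped data key, and a constructed candidate list.

```python
import hashlib
import hmac
import os
import secrets
from typing import Iterable, Optional

ITERATIONS = 1000  # assumed for this demo, not ZFS's actual count
KEY_LEN = 32       # bytes, i.e. an AES-256 wrapping key
WORDLIST = ["password", "letmein", "opensolaris", "zfs123"]  # constructed sample

def derive_wrapping_key(passphrase: str, salt: bytes) -> bytes:
    """PKCS#5 PBKDF2: passphrase + salt -> wrapping key."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), salt, ITERATIONS, KEY_LEN)

def key_check(key: bytes) -> bytes:
    """Stand-in for the integrity check a wrapped data key provides on unwrap."""
    return hmac.new(key, b"key-check", hashlib.sha256).digest()

def make_keystore(passphrase: str) -> dict:
    """What remains on disk after the key is 'forgotten': salt + check value."""
    salt = os.urandom(16)
    return {"salt": salt, "check": key_check(derive_wrapping_key(passphrase, salt))}

def audit_passphrase(keystore: dict, candidates: Iterable[str]) -> Optional[str]:
    """Return the candidate that reproduces the wrapping key, else None."""
    for candidate in candidates:
        key = derive_wrapping_key(candidate, keystore["salt"])
        if hmac.compare_digest(key_check(key), keystore["check"]):
            return candidate
    return None

if __name__ == "__main__":
    a, b = make_keystore("letmein"), make_keystore("letmein")
    # Different salts give different keys, so precomputed tables do not transfer.
    print("same passphrase, same check value:", a["check"] == b["check"])
    print("weak passphrase found:", audit_passphrase(a, WORDLIST))
    strong = make_keystore(secrets.token_urlsafe(24))
    print("random passphrase found:", audit_passphrase(strong, WORDLIST))
```

Running the same audit against your own candidate list before relying on key destruction shows whether "forgetting" the key is only as strong as the passphrase.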
