Do I really need encryption?

Status
Not open for further replies.

panz

Guru
Joined
May 24, 2013
Messages
556
I'm in the middle of a tough battle with bug #5293 and I'm wondering if this bug has something to do with encryption.

I was always told that disk encryption could be a life saver when doing RMA of a failed disk, because - with the help of a strong pass phrase - nobody could recover my data.

What are the real risks of RMAing an unencrypted disk - let's say - that was part of a RAIDZ2 pool?

Could someone retrieve my data? I heard that today disks are refurbished and put again on the market, so the risk they could be handled by a skilled person is high. Do you agree?
 

joeschmuck

Old Man
Moderator
Joined
May 28, 2011
Messages
10,994
I was under the impression that your data is scattered about all the drives in a pool so only small fragments would be on a drive of the overall file unless you had a single drive RAIDZ1. I guess if someone put some real effort into it they could pull off data but it would require a lot of work, or at least automation. As for if a drive manufacturer would send out something less than a blank drive, I'd suspect they need to run a full surface test which would include writing to all locations, effectively wiping out your data. But unless it's done to DoD standards it could be retrievable you say. Well at that point if someone wanted the data, even an encrypted drive would not be safe. Brute force attacks do work, they just may take a very long time.

My opinion is an encrypted drive is to be used for company protection. My NAS is used mainly to hold my backup files which are encrypted upon creation. I also have some videos, photos, and a handful of other files but all my financial data is on my main computer, some protected, some not. But the point is, with respect to my FreeNAS, anything that needs protection is done by my backup software. If someone wants to spend time trying to put together one photo of a pet, or vacation, more power to them.

Just my thoughts.
 

panz

Guru
Joined
May 24, 2013
Messages
556
My goal is that the NAS should be the main computer, because I need to edit my files from different LAN machines.

I was asking about encryption because I'm going to destroy my encrypted pool, install 9.2.1.6 release from scratch and go for a non-encrypted pool to see if this is going to solve bug #5293.
 

joeschmuck

Old Man
Moderator
Joined
May 28, 2011
Messages
10,994
I guess it depends on how you want to treat your data on if you want encryption or not. One other thing, typically when we see a hard drive failing in these forums, the user gets lots of notice via email that there are sector errors, a warning of impending doom. While the drive has not failed completely at this point, a user could replace that drive and still be able to wipe it clean. Of course if the drive just dies, that is not an option. I'd think degaussing the drive would be the next option but that may need to be checked with the manufacturer to see if they would accept an RMA'd drive like that.
 

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
panz,

I'll talk to Jordan about this today. We were able to reproduce your problem yesterday and it doesn't have anything to do with encryption. At least, it wasn't from our test setup.
 

panz

Guru
Joined
May 24, 2013
Messages
556
9.2.1.6-RC2 just failed. I'm going to shut down the server and wait for instructions. Thank you very much cyberjock!
 

Sir.Robin

Guru
Joined
Apr 14, 2012
Messages
554
> panz,
>
> I'll talk to Jordan about this today. We were able to reproduce your problem yesterday and it doesn't have anything to do with encryption. At least, it wasn't from our test setup.

Do you have any more detail for us, cyberjock? :confused:
 

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
I don't. But ticket 5293 is being discussed between Josh Paetzel and Panz, so the issue should be properly identified and fixed for us soon enough (assuming it's not user error or something like that).

My comment: Stay tuned. This does have the developer's attention.
 

Sir.Robin

Guru
Joined
Apr 14, 2012
Messages
554
:)
 

panz

Guru
Joined
May 24, 2013
Messages
556
Update: we're going to meet with webex at 3PM Pacific Time...
 

Sir.Robin

Guru
Joined
Apr 14, 2012
Messages
554
Errh... how long until that is? :oops:
 

panz

Guru
Joined
May 24, 2013
Messages
556
It's midnight here in Rome. I don't know how much time it is going to require.
 

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
Typically when I've worked with the developers with problems it has taken 15-45 minutes. :D
 

Sir.Robin

Guru
Joined
Apr 14, 2012
Messages
554
Hm.. so in about 1.5 hours. :p
 

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
Actually they're pretty badass at identifying problems quickly. The fix could take some work though. ;)
 

Sir.Robin

Guru
Joined
Apr 14, 2012
Messages
554
I meant it was about 1.5 hours until 3pm pacific :tongue:



 

panz

Guru
Joined
May 24, 2013
Messages
556
I have no other appointments now: it's 23:56 of Friday night ;) pretty hot here: 29° C...
 

Sir.Robin

Guru
Joined
Apr 14, 2012
Messages
554
We have around 10 :-l


 

solarisguy

Guru
Joined
Apr 4, 2014
Messages
1,125
While the bug is being chased...

In my opinion, encryption is for those cases when the data needs to be protected due to legal reasons and those few cases that it is a real secret of an individual or a company (working on patents, investigative journalism, cutting edge bio-research, etc.).

For the rest of us, it is an unnecessary hassle. Compression, when meaningful, and RAID-Z stripes make the files sufficiently illegible to a casual eye.

If XXX ( pick up your evil three letter spy agency ;) ) is after your data, they would get to your hard drives using your own encryption keys. The bad guys too, they might have more impact on your health doing that though.

I also believe that both disk makers and recovery companies always look at a user's drive contents, as they just might want to be up to date with the current usage patterns, tools being used to manage hard drives, filesystems, filesystem versions, etc. Recovery companies, if they see ZFS, ext4 or btrfs signatures, might consider investing in developing recovery tools for those filesystems, etc. On the positive side, I doubt that anybody there tries to meaningfully analyze pictures, video or whatever you have. Also, I am not pretending to know whether any XXX participates in the above...
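
An added illustration of the RMA question discussed in this thread (not code from any poster or from FreeNAS): it models what a `strings`-style scan finds on one member disk returned from a striped pool, with and without encryption. The sector size, disk count, account rows and passphrase are constructed assumptions; the round-robin layout is a simplification of RAID-Z (parity and metadata are ignored) and the XOR keystream is only a stand-in for real disk encryption.

```python
import hashlib
import re

SECTOR = 4096     # assumed sector size
DATA_DISKS = 4    # assumed: 6-disk RAIDZ2 modelled as 4 data columns

def stripe(record: bytes, data_disks: int = DATA_DISKS) -> list[bytes]:
    """Simplified model: sector-sized chunks dealt round-robin to data disks."""
    disks = [bytearray() for _ in range(data_disks)]
    for i in range(0, len(record), SECTOR):
        disks[(i // SECTOR) % data_disks] += record[i:i + SECTOR]
    return [bytes(d) for d in disks]

def toy_encrypt(data: bytes, passphrase: str) -> bytes:
    """XOR with a SHA-256 counter keystream; illustration only, not a real cipher."""
    key = hashlib.sha256(passphrase.encode()).digest()
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

# Pattern for one intact row of the constructed sample file below.
ROW = re.compile(rb"ACCT-\d{6},[A-Z][a-z]+,\d+\.\d{2}")

def recoverable_rows(member: bytes) -> list[bytes]:
    """Rows a pattern scan of a single returned disk finds intact."""
    return ROW.findall(member)

# Constructed sample: 2000 CSV rows of made-up account data (about 50 KB).
rows = [f"ACCT-{n:06d},Rossi,{n * 3.5:.2f}\n".encode() for n in range(2000)]
plain_file = b"".join(rows)

# One member disk of the pool, as it would leave the building on RMA.
plain_member = stripe(plain_file)[0]
enc_member = stripe(toy_encrypt(plain_file, "constructed passphrase"))[0]

if __name__ == "__main__":
    print(len(rows), "rows written;",
          len(recoverable_rows(plain_member)), "intact on one plain member;",
          len(recoverable_rows(enc_member)), "intact on one encrypted member")
```
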
 

panz

Guru
Joined
May 24, 2013
Messages
556
My primary concern is if the server is stolen, the bad guys could access financial data or medical records. Some files may be sensitive, like office documents (my corporate has a privacy policy).
 