Good afternoon everyone,
I'm brand new to FreeNAS, and encryption is an important feature to me, so I've been doing my due diligence and reading up on it. One thing that concerns me is that any time encryption is mentioned in the forums, it seems to be discouraged so I want to make sure that I have my bases covered and understand the risks.
From what I have read, there are 2 main issues:
My main concern is whether or not I'm at significant risk using encryption if I have all of the keys backed up safely.
Thanks!
I'm brand new to FreeNAS, and encryption is an important feature to me, so I've been doing my due diligence and reading up on it. One thing that concerns me is that any time encryption is mentioned in the forums, it seems to be discouraged so I want to make sure that I have my bases covered and understand the risks.
From what I have read, there are 2 main issues:
- The user is responsible for backing up their keys -- the user 0 key as well as the per-drive master keys (using geli backup) minimum. As long as I have a backup of the user 0 key and the per-drive keys, I am set with this requirement, correct? From what I understand, the recovery key isn't required if I have the user 0 key and the geli backups. What's the real benefit of a recovery key?
- A corruption in the last sector that holds the metadata (per-drive keys) will cause that disk to be unreadable. I believe that the typical scrubbing and inherent file repair of ZFS should help prevent this, but it is still a possibility. Does this have greater ramifications than a typical drive failure? In other words, will the entire pool fail because one of the keys on one of the drives has been corrupted?
My main concern is whether or not I'm at significant risk using encryption if I have all of the keys backed up safely.
Thanks!