Can a single unencrypted drive removed from a RaidZ2 pool be read?

Status
Not open for further replies.

nanoduckie

Cadet
Joined
Jul 10, 2016
Messages
4
I have a WD Red 4TB drive that is about to fail and I'm going to RMA it. However, I am a little worried as my drives are unencrypted and I don't want strangers to be peeking into my files. Could data from such a drive be read by a 3rd party?
 

nojohnny101

Wizard
Joined
Dec 3, 2015
Messages
1,478
Just pull it from the server and zero it out with some software (there are dozens to choose from).
 

Stux

MVP
Joined
Jun 2, 2016
Messages
4,419
You can actually wipe it (and zero it) from the FreeNAS GUI.

Offline it, then wipe it.

FWIW, there would only be fragments of data in a broken non-trivial file system.

Someone would have to be dedicated to get anything.
 

Stux

MVP
Joined
Jun 2, 2016
Messages
4,419
This means that if I do not wipe the drive, the data can be read?

Yes, if you do not zero the drive, then there is data on it, and it can be read. Maybe not easily, but if you don't wipe the drive, there is data on it.

But you can't just pull off files and pictures off the drive. There are only fragments of files on the disk.
 

nanoduckie

Cadet
Joined
Jul 10, 2016
Messages
4
Yes, if you do not zero the drive, then there is data on it, and it can be read. Maybe not easily, but if you don't wipe the drive, there is data on it.

But you can't just pull off files and pictures off the drive. There are only fragments of files on the disk.

Ah I see. I'm quite new to this so thanks for clarifying things!

This raised another question for me though. It is commonly said that if you lose more than 2 drives in a RaidZ2 array you will lose your entire pool and the data along with it. But if data on a single drive can be read as you said, why would you lose all the data in the pool?
 

Stux

MVP
Joined
Jun 2, 2016
Messages
4,419
Because the array can't re-assemble the fragments.

Okay, imagine a house... of bricks... now remove 30% of the bricks then demolish it.

You try getting the house back.

The bricks are still there.

If you wanted to, you could reassemble the house... less 30%. It might take a while. It might cost a lot.

But more specifically, if you have a RaidZ2 array, and you lose 2 whole disks, then if you have another error you will lose data that is affected by that error. If that is a whole disk, you will lose the whole array. If it's only 1 block which affects one file, you will only lose that file, but with raidz2 you will NOT lose any data until you suffer MORE than 2 failures affecting a given block. The first two disk failures affect every block. After that any other failure will wipe out whatever files are affected by that block... and if that block happens to be a critical disk metadata block, it could wipe out the filesystem, rather than a file. Since for all intents, a filesystem is actually just a file too ;)

With RaidZ1 if you lose a whole disk, then any further errors will cause data loss, and another total disk error will cause total data loss.

You should have a backup anyway
 

nanoduckie

Cadet
Joined
Jul 10, 2016
Messages
4
Because the array can't re-assemble the fragments.

Okay, imagine a house... of bricks... now remove 30% of the bricks then demolish it.

You get the house back.

The bricks are still there.

If you wanted to, you could reassemble the house... less 30%. It might take a while. It might cost a lot.

But more specifically, if you have a RaidZ2 array, and you lose 2 whole disks, then if you have another error you will lose data that is affected by that error. If that is a whole disk, you will lose the whole array. If it's only 1 block which affects one file, you will only lose that file, but with raidz2 you will NOT lose any data until you suffer MORE than 2 failures affecting a given block. The first two disk failures affect every block. After that any other failure will wipe out whatever files are affected by that block... and if that block happens to be a critical disk metadata block, it could wipe out the filesystem, rather than a file. Since for all intents, a filesystem is actually just a file too ;)

Understood. Thanks for that clear explanation!
 

Evi Vanoost

Explorer
Joined
Aug 4, 2016
Messages
91
Technically there is data on there that can be read. How much depends on your types of data, and whether or not that is worrisome depends on the level of compliance you need to meet.

E.g., if you have a database of SSNs, technically it is possible for many sets of SSNs to fit in a single block on a drive. If it's a set of compressed videos, there may be small portions of it that may be recoverable; whether that is relevant depends on many variables. You may also expose full sets of metadata that describe more about the data your array contains.

If this is HIPAA-level data, then you should zero it out or trash the drives unless you want to pay for a statistician to prove it doesn't matter.
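
An added example, not part of the original post: a simplified model of how one logical block is divided among the data disks of a RAIDZ2 vdev, showing that small fixed-size rows survive whole on a single member. The 4 KiB sector size, the 6-wide layout (4 data + 2 parity), the 128 KiB block and the `user…,000-00-…` row format are all assumptions made for illustration; parity, column rotation, compression and metadata are left out.

```python
import re

SECTOR = 4096      # assumption: 4 KiB sectors
DATA_DISKS = 4     # assumption: 6-wide RAIDZ2 = 4 data columns + 2 parity
RECORD = re.compile(rb"user\d{5},\d{3}-\d{2}-\d{4}\n")


def make_block(n_records: int) -> bytes:
    """Constructed sample data: 22-byte rows with invalid 000-prefixed SSNs."""
    return b"".join(b"user%05d,000-00-%04d\n" % (i, i) for i in range(n_records))


def data_columns(block: bytes, data_disks: int = DATA_DISKS, sector: int = SECTOR):
    """Split one logical block into the contiguous chunk each data disk stores.

    Simplified model: the block's sectors are divided evenly and the first
    (sectors % data_disks) disks receive one extra sector. Parity columns
    are not modelled.
    """
    sectors = -(-len(block) // sector)          # ceiling division
    base, extra = divmod(sectors, data_disks)
    columns, pos = [], 0
    for disk in range(data_disks):
        size = (base + (1 if disk < extra else 0)) * sector
        columns.append(block[pos:pos + size])
        pos += size
    return columns


def exposure(block: bytes, disk: int = 0):
    """Return (whole rows readable on one disk, whole rows in the block)."""
    column = data_columns(block)[disk]
    return len(RECORD.findall(column)), len(RECORD.findall(block))


if __name__ == "__main__":
    block = make_block(5957)                    # just under 128 KiB of rows
    on_disk, total = exposure(block)
    print(f"disk 0 alone exposes {on_disk} of {total} complete rows")
    # A large media file split the same way leaves each disk with one
    # contiguous slice of every block: readable bytes, not a usable file.
```

In this model roughly a quarter of the rows are intact on each data disk, which is why zeroing the drive before it leaves your hands matters most for small, self-contained records.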
 

Stux

MVP
Joined
Jun 2, 2016
Messages
4,419
Also, if the blocks are compressed they might appear as encrypted anyway.
 