Do I really need encryption?

Status
Not open for further replies.

panz

Guru
Joined
May 24, 2013
Messages
556
I'm in the middle of a tough battle with bug #5293 and I'm wondering if this bug has something to do with encryption.

I was always told that disk encryption could be a life saver when doing RMA of a failed disk, because - with the help of a strong pass phrase - nobody could recover my data.

Which are the real risk to RMA an unencrypted disk - let's say - that was part of a RAIDZ2 pool?

Could someone retrieve my data? I heard that today disks are refurbished and put again on the market, so the risk they could be handled by a skilled person is high. Do you agree?
 

joeschmuck

Old Man
Moderator
Joined
May 28, 2011
Messages
10,995
I was under the impression that your data is scattered about all the drives in a pool so only small fragments would be on a drive of the overall file unless you had a single drive RAIDZ1. I guess if someone put some real effort into it they could pull of data but it would require a lot of work, or at least automation. As for if a drive manufacturer would send out something less than a blank drive, I'd suspect they need to run a full surface test which would include writing to all locations, effectively wiping out your data. But unless it's done to DoD standards it could be retrievable you say. Well at that point if someone wanted the data, even an encrypted drive would not be safe. Brute force attacks do work, they just may take a very long time.

My opinion is an encrypted drive is to be used for company protection. My NAS is used mainly to hold my backup files which are encrypted upon creation. I also have some videos, photos, and a hand full of other files but all my financial data is on my main computer, some protected, some not. But the point is, with respect to my FreeNAS, anything that needs protection is done by my backup software. If someone wants to spend time trying to put together one photo of a pet, or vacation, more power to them.

Just my thoughts.
 

panz

Guru
Joined
May 24, 2013
Messages
556
My goal is that the NAS should be the main computer, because I need to edit my files from different LAN machines.

I was asking about encryption because I'm going to destroy my encrypted pool, install 9.2.1.6 release from scratch and go for a non-encrypted pool to see if this is going to solve bug #5293.
 

joeschmuck

Old Man
Moderator
Joined
May 28, 2011
Messages
10,995
I guess it depends on how you want to treat your data on if you want encryption or not. One other thing, typically when we see a hard drive failing in these forums, the user gets lots of notice via email that there are sector errors, a warning of impending doom. While the drive has not failed completely at this point, a user could replace that drive and still be able to wipe it clean. Of course if the drive just dies, that is not an option. I'd think degaussing the drive would be the next option but that may need to be checked with the manufacturer to see if they would accept an RMA'd drive like that.
 

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
panz,

I'll talk to Jordan about this today. We were able to reproduce your problem yesterday and it doesn't have anything to do with encryption. At least, it wasn't from our test setup.
 

panz

Guru
Joined
May 24, 2013
Messages
556
9.2.1.6-RC2 just failed. I'm going to shutdown the server and wait for instructions. Thank you very much cyberjock!
 

Sir.Robin

Guru
Joined
Apr 14, 2012
Messages
554
panz,

I'll talk to Jordan about this today. We were able to reproduce your problem yesterday and it doesn't have anything to do with encryption. At least, it wasn't from our test setup.

Do you got anymore detail for us cyberjock? :confused:
 

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
I don't. But ticket 5293 is being discussed between Josh Paetzel and Panz, so the issue should be properly identified and fixed for us soon enough (assuming its not user error or something like that).

My comment: Stay tuned. This does have the developer's attention.
 

Sir.Robin

Guru
Joined
Apr 14, 2012
Messages
554
:)
 

panz

Guru
Joined
May 24, 2013
Messages
556
Update: we're going to meet with webex at 3PM Pacific Time...
 

Sir.Robin

Guru
Joined
Apr 14, 2012
Messages
554
Errh... how long to is that? :oops:
 

panz

Guru
Joined
May 24, 2013
Messages
556
It's midnight here in Rome. I don't know how much time it is going to require.
 

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
Typically when I've worked with the developers with problems it taken 15-45 minutes. :D
 

Sir.Robin

Guru
Joined
Apr 14, 2012
Messages
554
Hm.. so in about 1.5 hours. :p
 

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
Actually they're pretty badass at identifying problems quickly. The fix could take some work though. ;)
 

Sir.Robin

Guru
Joined
Apr 14, 2012
Messages
554
I ment it was about 1.5 hours until 3pm pacific :tongue:



Sent from my mobile using Tapatalk
 

panz

Guru
Joined
May 24, 2013
Messages
556
I have no other appointments now: it's 23:56 of Friday night ;) pretty hot here: 29° C...
 

Sir.Robin

Guru
Joined
Apr 14, 2012
Messages
554
We have around 10 :-l


Sent from my mobile using Tapatalk
 

solarisguy

Guru
Joined
Apr 4, 2014
Messages
1,125
While the bug is being chased...

In my opinion, encryption is for those cases when the data needs to be protected due to legal reasons and those few cases that it is a real secret of an individual or a company (working on patents, investigative journalism, cutting edge bio-research, etc.).

For the rest of us, it is an unnecessary hassle. Compression, when meaningful, and RAID-Z stripes make the files sufficiently illegible to a casual eye.

If XXX ( pick up your evil three letter spy agency ;) ) is after your data, they would get to your hard drives using your own encryption keys. The bad guys too, they might have more impact on your health doing that though.

I also believe that both disk makers and recovery companies always look at a users' drive contents, as they just might want to be up to date with the current usage patterns, tools being used to manage hard drives, filesystems, filesystem versions, etc. Recovery companies, if they see ZFS, ext4 or btrfs signatures, might consider investing in developing recovery tools for those filesystems, etc. On the positive side, I doubt that anybody there tries to meaningfully analyze pictures, video or whatever you have. Also, I am not pretending to know whether any XXX participates in the above...
 

panz

Guru
Joined
May 24, 2013
Messages
556
My primary concern is if the server is stolen, the bad guys could access financial data or medical records. Some files maybe sensitive, like office documents (my corporate has a privacy policy).
 
Status
Not open for further replies.
Top