On Fri, Feb 05, 2010 at 04:41:08PM -0500, Miles Nordin wrote:
> >>>>> "ch" == c hanover <chano...@umich.edu> writes:
> 
>     ch> is there a way to a) securely destroy a filesystem,
> 
> AIUI zfs crypto will include this, some day, by forgetting the key.

Right.

> but for SSD, zfs above a zvol, or zfs above a SAN that may do
> snapshots without your consent, I think it's just logically not a
> solvable problem, period, unless you have a writeable keystore
> outside the vdev structure.

IIRC ZFS crypto will store encrypted blocks in L2ARC and ZIL, so
forgetting the key is sufficient to obtain a high degree of security.

ZFS crypto over zvols and whatnot presents no additional problems.
However, if your passphrase is guessable then the key might be
recoverable even after it's "forgotten".

Nico
-- 
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss