On 11/17/10 12:04 PM, Miles Nordin wrote:
"djm" == Darren J Moffat<[email protected]> writes:djm> http://blogs.sun.com/darren/entry/introducing_zfs_crypto_in_oracle djm> http://blogs.sun.com/darren/entry/assued_delete_with_zfs_dataset djm> http://blogs.sun.com/darren/entry/compress_encrypt_checksum_deduplicate_with Is there a URL describing the on-disk format and implementation details? djm> Encryption at the application layer solves a different set of djm> problems to encryption at the storage layer. black-box crypto is snake oil at any level, IMNSHO.
That sentence you quote was part of a theoretical discussion of where encryption should live, not about whether he or anyone else would share implementation details.
Congrats again on finishing your project, but every other disk encryption framework I've seen taken remotely seriously has a detailed paper describing the algorithm, not just a list of features and a configuration guide. It should be a requirement for anything treated as more than a toy. I might have missed yours, or maybe it's coming soon.
Ugh, we all know that the first rule of crytpo is that any proprietary, closed source, "black-box" crypto is crap, blah, blah, blah (I am not sure what the point of repeating that tired line is) and I am not one to give Oracle an inch but wtf? They just released this crap, give them a minute - if anything we have seen so far from Oracle shows us is that they are slow to move with external communication about Solaris.
_______________________________________________ zfs-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
