> That doesn't answer the question about what happens when dedup is turned off.
> In that case, is the HMAC still used as the IV? If so, then watermarking
> attacks are still possible.
Quoting the comment from the code above: "For non-dedup blocks we
derive the IV randomly". When dedup is enab
Hi Thomas,
Alan believes that, even with dedup disabled, the ZFS native encryption
support is vulnerable to watermarking attacks. I don't have enough exposure
to crypto to pass any judgement and was hoping that you'd share your point
of view. Thanks in advance.
-M
On Wed, Aug 22, 2018 at 12:42
On Aug 22, 2018, at 12:20 PM, Alan Somers wrote:
> ]That doesn't answer the question about what happens when dedup is turned
> off. In that case, is the HMAC still used as the IV? If so, then
> watermarking attacks are still possible. If ZFS switches to a random IV when
> dedup is off, then
On Aug 22, 2018, at 12:35 PM, Alan Somers wrote:
> Only encrypting L0 blocks also leaks a lot of information. That means that,
> if encryption is set to anything but "off", watermarking attacks will still
> be possible based on the size and sparsity of a file. Because I believe that
> with an
On Wed, Aug 22, 2018 at 12:30 PM Sean Fagan wrote:
> On Aug 21, 2018, at 8:16 PM, Alan Somers wrote:
> >
> > > The last time I looked (which was a long time ago), Oracle's ZFS
> encryption looked extremely vulnerable to watermarking attacks. Did
> anybody ever fix that?
>
> This is the comment
Only encrypting L0 blocks also leaks a lot of information. That means
that, if encryption is set to anything but "off", watermarking attacks will
still be possible based on the size and sparsity of a file. Because I
believe that with any encryption mode, ZFS turns continuous runs of zeros
into ho
On Aug 21, 2018, at 8:16 PM, Alan Somers wrote:
>
> > The last time I looked (which was a long time ago), Oracle's ZFS encryption
> > looked extremely vulnerable to watermarking attacks. Did anybody ever fix
> > that?
This is the comment about dedup in zio_crypt.c:
* CONSIDERATIONS FOR DEDU
Fixed. Pull.
bc2b257d1082112cc27e56db793f5c569f603bec
On Wed, Aug 22, 2018 at 12:10 AM Matthew Macy wrote:
> Yes. I _just_ rebased and broke world in the process. Fix coming up
> momentarily.
> -M
>
> On Wed, Aug 22, 2018 at 12:06 AM Outback Dingo
> wrote:
>
>> of course interesting work, but u
Yes. I _just_ rebased and broke world in the process. Fix coming up
momentarily.
-M
On Wed, Aug 22, 2018 at 12:06 AM Outback Dingo
wrote:
> of course interesting work, but unfortunately, and as you know me,
> what would i say next
>
> cc -target x86_64-unknown-freebsd12.0
> --sysroot=/usr/obj/us
of course interesting work, but unfortunately, and as you know me,
what would i say next
cc -target x86_64-unknown-freebsd12.0
--sysroot=/usr/obj/usr/src/amd64.amd64/tmp
-B/usr/obj/usr/src/amd64.amd64/tmp/usr/bin -O2 -pipe
-I/usr/src/sys/cddl/compat/opensolaris
-I/usr/src/cddl/compat/opensolaris/
On Aug 21, 2018, at 8:11 PM, Alan Somers wrote:
> The last time I looked (which was a long time ago), Oracle's ZFS encryption
> looked extremely vulnerable to watermarking attacks. Did anybody ever fix
> that?
This isn’t Oracle’s implementation, but I don’t know how compatible or not it
is wi
On 2018-08-21 23:16, Alan Somers wrote:
> On Tue, Aug 21, 2018 at 9:13 PM Sean Fagan wrote:
>
>> On Aug 21, 2018, at 8:11 PM, Alan Somers wrote:
>>> The last time I looked (which was a long time ago), Oracle's ZFS
>> encryption looked extremely vulnerable to watermarking attacks. Did
>> anybody
On Tue, Aug 21, 2018 at 20:22 Alan Somers wrote:
> On Tue, Aug 21, 2018 at 9:13 PM Sean Fagan wrote:
>
>> On Aug 21, 2018, at 8:11 PM, Alan Somers wrote:
>> > The last time I looked (which was a long time ago), Oracle's ZFS
>> encryption looked extremely vulnerable to watermarking attacks. Did
On Tue, Aug 21, 2018 at 9:13 PM Sean Fagan wrote:
> On Aug 21, 2018, at 8:11 PM, Alan Somers wrote:
> > The last time I looked (which was a long time ago), Oracle's ZFS
> encryption looked extremely vulnerable to watermarking attacks. Did
> anybody ever fix that?
>
> This isn’t Oracle’s impleme
The last time I looked (which was a long time ago), Oracle's ZFS encryption
looked extremely vulnerable to watermarking attacks. Did anybody ever fix
that?
-Alan
On Tue, Aug 21, 2018 at 8:28 PM Matthew Macy wrote:
> On Tue, Aug 21, 2018 at 6:55 PM Matthew Macy wrote:
>
> > To anyone with an in
On Tue, Aug 21, 2018 at 6:55 PM Matthew Macy wrote:
> To anyone with an interest in native encryption in ZFS please test the
> projects/zfs-crypto-merge-0820 branch in my freebsd repo:
> https://github.com/mattmacy/networking.git
>
>
Oh and I neglected to state that this work is being supported b
To anyone with an interest in native encryption in ZFS please test the
projects/zfs-crypto-merge-0820 branch in my freebsd repo:
https://github.com/mattmacy/networking.git
( git clone https://github.com/mattmacy/networking.git -b
projects/zfs-crypto-merge-0820 )
The UI is quite close to the Orac
17 matches
Mail list logo
