crypto on-desk format having to change - OK to use enc ?

All your general support questions for OpenZFS on OS X.

crypto on-desk format having to change - OK to use enc ?

Postby whatever » Thu Feb 08, 2018 8:48 pm

As per the release notes viewtopic.php?f=20&t=3082

Two comments here;

The crypto on-disk format has to change, ZOL discovered a problem with send|recv. More details will come once they have the PR up to fix it.

Second, some users have discovered you can not click "allow" on the kext over screen sharing, only from local UI control.


Does this mean it's a bad idea to use encryption at this point? Or is going ahead just fine? If going ahead is just fine, are there any ramifications later?
whatever
 
Posts: 27
Joined: Thu Feb 08, 2018 8:39 pm

Re: crypto on-desk format having to change - OK to use enc ?

Postby leeb » Thu Feb 08, 2018 9:41 pm

Lundman response to my own question on this a month ago (in this forum further down the page):

lundman wrote:Actually, I think he promises that zfs send | zfs recv should be sufficient to fix the problem. But I personally will wait for the PR commit to come in before I make crypted datasets for my data.


The crypto PR was in fact committed last week, which as far as I know was the major blocker for a new binary release. Master also currently has lots and lots of other good fixes. So if you've waited this long giving it another few days to a week is probably a reasonable idea. If you've got a do-or-die project then it may still be fine, particularly if your pool is small enough vs available space/speed that you could trivially do a rebuild if necessary. Otherwise the next update Real Soon Now(TM) should be great (or of course you could build it yourself from Master).
leeb
 
Posts: 43
Joined: Thu May 15, 2014 12:10 pm

Re: crypto on-desk format having to change - OK to use enc ?

Postby whatever » Fri Feb 09, 2018 2:34 am

I can wait. I was looking to replace my backup drive that I'm using truecrypt on with this, but i can hold out.

btw, does anyone have a sense on how this encryption compares with truecrypt? Truecrypt has cascaded encryption and RIPEMD-160, SHA-512, and Whirlpool but I'm not familiar how that would stack up against the ZFS aes-256-ccm / aes-256-gcm. Can anyone offer insight ?
whatever
 
Posts: 27
Joined: Thu Feb 08, 2018 8:39 pm

Re: crypto on-desk format having to change - OK to use enc ?

Postby leeb » Fri Feb 09, 2018 10:33 pm

Short version is that ZFS is using ubiquitous battle tested industry standards in symmetric crypto and there is nothing to worry about there, barring someone discovering a significant implementation error. An external security audit would be nice down the road, but if we're comparing to VeraCrypt then theirs a year or so ago didn't inspire confidence (though it did prompt some improvements).

The specifics of the OpenZFS implementation comes from the Illumos project (specifically the Illumos Crypto Port), and takes into account some specific needs for ZFS such as the ability to do scrubs or raw sends without keys. If you want a bit more discussion at length, you could read some of the OpenZFS native crypto issue discussions on GitHub, such as #6707, ZFS native encryption, GCM file size limitations, questions on best cipher encryption mode.

A few notes on your comment otherwise:
whatever wrote:Truecrypt has cascaded encryption and RIPEMD-160, SHA-512, and Whirlpool

First, none of those are crypto algorithms (ciphers), they're all hash functions. The ciphers in Truecrypt (now VeraCrypt) are ones like AES, Serpent, Twofish, etc. AES is a completely standardized rock solid SP-network cipher dating from 1998 that is widely deployed. While not the fastest or simplest in principle in practice hardware acceleration instructions under x86 (in the form of AES-NI) are also effectively ubiquitous on any remotely modern hardware. Intel first introduced them in the Westmere series Xeons (56xx) IIRC, back in 2010 (these are the processors you'd find in a 2010 Mac Pro). It was added to desktop and mobile chips with Sandy Bridge. From a Mac or even Hackintosh (and thus O3X) perspective you're near certain to have it.

AES-256 has no known security breaks, and while it is trickier to get right (when not using AES-NI in particular) vs side channel attacks, those are generally irrelevant in the specific application of FDE whose threat model is solely against cold physical attacks.
but I'm not familiar how that would stack up against the ZFS aes-256-ccm / aes-256-gcm. Can anyone offer insight ?

VeraCrypt uses AES (with hardware acceleration when available) too, as well as others. However cascading ciphers is of dubious value, or even negative value in that it adds unnecessary complexity and possibilities for foot-gun. In the VeraCrypt audit for example an issue came from the use of the GOST 28147-89 cipher which cannot effectively be used with XTS, that's both a silly mistake but also one that came about from having GOST (which is fundamentally flawed) at all. IIRC they dumped it afterwards, but it illustrates that more is not better, it's both slower and adds code complexity for no reason vs a good cipher. The OpenZFS implementation is designed to be easy to add new checksums/ciphers too should that ever prove necessary.

So it's unlikely there are any particular issues with OpenZFS vs anything else when it comes to security. There is the caveat that it's relatively new, but the primitives are not and it's coming from the work in Illumos.
Last edited by leeb on Fri Feb 09, 2018 11:45 pm, edited 1 time in total.
leeb
 
Posts: 43
Joined: Thu May 15, 2014 12:10 pm

Re: crypto on-desk format having to change - OK to use enc ?

Postby whatever » Fri Feb 09, 2018 10:54 pm

that's an amazing response. Thank you so much for taking the time and writing all this for me. I really appreciate it
whatever
 
Posts: 27
Joined: Thu Feb 08, 2018 8:39 pm

Re: crypto on-desk format having to change - OK to use enc ?

Postby lundman » Mon Feb 12, 2018 7:18 am

As a side-note, I want to point out that the IllumOS crypto framework we ported over to OsX is in vanilla C, so there is no assembler, and no AES-NI usage. It is on the TODO for one day, either implementing it ourselves, or, investigate what the newer XNU gives us in cryptoframework, if anything at all. If that sounds tempting to someone, just create a PR :)
User avatar
lundman
 
Posts: 1335
Joined: Thu Mar 06, 2014 2:05 pm
Location: Tokyo, Japan

Re: crypto on-desk format having to change - OK to use enc ?

Postby whatever » Tue Mar 13, 2018 9:35 am

So with the new release, there are no issues with starting to use ZFS encryption now ?
whatever
 
Posts: 27
Joined: Thu Feb 08, 2018 8:39 pm

Re: crypto on-desk format having to change - OK to use enc ?

Postby ilovezfs » Tue Mar 13, 2018 9:37 am

don't use it with cache devices but no on-disk format issues
ilovezfs
 
Posts: 232
Joined: Thu Mar 06, 2014 7:58 am

Re: crypto on-desk format having to change - OK to use enc ?

Postby whatever » Tue Mar 13, 2018 10:02 am

so full-disk encryption to replace a drive I'm using TrueCrypt on would be acceptable ?

Good :)

thank you
whatever
 
Posts: 27
Joined: Thu Feb 08, 2018 8:39 pm

Re: crypto on-desk format having to change - OK to use enc ?

Postby whatever » Tue Mar 13, 2018 11:07 am

Image

I get this and no matter how much I click "Allow" nothing happens. Had similar issue with install

any ideas?
whatever
 
Posts: 27
Joined: Thu Feb 08, 2018 8:39 pm

Next

Return to General Help

Who is online

Users browsing this forum: Google [Bot] and 35 guests