64 bytes is a bit arbitrary. Up until now I had not heard any complaints about this since most people I know who would use a 64 character passphrase are using a password manager instead. I am adding a test to the PR…
Yes, there are per filesystem / zvol keys and the raw encrypted data is sent over the wire along with the encrypted keys.
Oracle ZFS does have encryption, but this implementation fixes a few security / usability issues with it, adds more features, and brings the implementation into the open source world.
Thank you for the suggestion. As I said above, there is nothing preventing something like that from being implemented in ZFS in the future. Unfortunately, however, the encryption implementation uses a port of the…
I'm Tom Caputi, author of the ZFS encryption patch and I can answer of few of your questions. First of all, the choice of AES-CCM. I have had a few people ask me why we didn't chose something like ChaCha20 as a block…
64 bytes is a bit arbitrary. Up until now I had not heard any complaints about this since most people I know who would use a 64 character passphrase are using a password manager instead. I am adding a test to the PR…
Yes, there are per filesystem / zvol keys and the raw encrypted data is sent over the wire along with the encrypted keys.
Oracle ZFS does have encryption, but this implementation fixes a few security / usability issues with it, adds more features, and brings the implementation into the open source world.
Thank you for the suggestion. As I said above, there is nothing preventing something like that from being implemented in ZFS in the future. Unfortunately, however, the encryption implementation uses a port of the…
I'm Tom Caputi, author of the ZFS encryption patch and I can answer of few of your questions. First of all, the choice of AES-CCM. I have had a few people ask me why we didn't chose something like ChaCha20 as a block…