[Discuss] NAS: encryption
Derek Atkins
warlord at MIT.EDU
Tue Jul 7 13:14:16 EDT 2015
"Edward Ned Harvey (blu)" <blu at nedharvey.com> writes:
>> From: Discuss [mailto:discuss-bounces+blu=nedharvey.com at blu.org] On
>> Behalf Of Tom Metro
>>
>> I imagine it would be challenging to pull off encryption well with
>> appliance hardware. The first problem is getting the software to do it.
>> (Plus all the automation you've previously discussed to set up the keys
>> on boot.) The second challenge is having the horsepower to perform the
>> encryption. Not impossible if they chose their embedded CPU well, but
>> unlikely to be optimized for that.
>
> You seem to think there's an obstacle which isn't really real -
> Encryption is very cheap computationally, so cheap indeed it can be
> done by the disks themselves. Yes, it's absolutely possible for
> appliances to utilize disk encryption, either by using its own CPU, or
> by offloading to the disks. I cannot speak to the specifics of any
> particular appliance actually doing it though, as I don't use any of
> them.
I don't trust my disks to do the encryption, mostly because there's
really no way to verify that it's doing it correctly, and the key
management gets a lot harder. I'd rather use dm-crypt (or the
equivalent). In either case you still need to figure out how your keys
are going to get provided when the system boots.
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord at MIT.EDU PGP key available
More information about the Discuss
mailing list