From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id BA06F139083 for ; Mon, 11 Dec 2017 01:33:32 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id E0F42E0F9F; Mon, 11 Dec 2017 01:33:26 +0000 (UTC) Received: from mail-pg0-x22f.google.com (mail-pg0-x22f.google.com [IPv6:2607:f8b0:400e:c05::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 7899AE0F71 for ; Mon, 11 Dec 2017 01:33:26 +0000 (UTC) Received: by mail-pg0-x22f.google.com with SMTP id o2so9808134pgc.8 for ; Sun, 10 Dec 2017 17:33:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to; bh=M1J17A/DnAehzmbqQ8Pf32XZsjZ7vQvTUo3/OeUN/k0=; b=HeEX9a60VqA+1GwwXl8L0XKbtr0hwHKIbMuLAdY5i9eUnQypyKiMWdNIA5cJ+dDnTq 3ytCKCjmEQ78977kjCo19HXpIfPRNi70u9t+Jt0bKWsAa3g+sObgsujmmPEs7VPMLeMZ uzRqDH4/JYH2pnOLbDvTQ4NOvwS3dzwOGFiVsC/f5IOWP9TGZx8V8v65yUt9dgGNplCN WHFWDLX0n4O5TQcK8ANwawT9fSv/MjkKgwIPnDFhjvqtsSkovWSIObXTsBuU/S8pEc3K Kjcg93RIlhSxs4dI4ypL0tKBD53+p7BhXMV0VRjeOwZPq6f2YU/QW3o8rZw8C1isMzt1 JPLg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to; bh=M1J17A/DnAehzmbqQ8Pf32XZsjZ7vQvTUo3/OeUN/k0=; b=OZ+n/9dIsfzb22Dq5fKCOrbZ/BYxox5XAfRlko6l8fEkqCm55M4RO5060THm4qXGPW kTb//5p0sOfQwWx4Yo5Psx6M4e12fywNYYWgWZKozrUFYJ2o70ahc2gasQvyqhpHODTz dRIaNl1xs8ciBW6N1hSlf7XiqEieMkZHIhcaR20KePTffykXQfuIqtFy0WrL0QMjEMOp ZSptPBb9JoA0tjKuO4TEjk74zZnMxCT070Xsmi3KlsJkUSwIDF6Tit7BNuUmkukQn7pd 8/B5G3cBJbqPJ3tIgWw2wGht2pYCvFT3rL+WHOPFYJ9wnFhask5VQVo5EUDijvzuSc5z wS4g== X-Gm-Message-State: AJaThX6pCpa6ma+t6zN1xX2ZqivyIRNKcm8E/8cIeFfAe8bClzgGK5/a UJPUa+G5dkEaqTX+y9Av49I8zBZYN+MemdH8nWr1GQ== X-Google-Smtp-Source: AGs4zMZs/j4E2JHQqn1PZinrkEfE/PpcXd+AL95GpyWnEuLBYhxaZQfscQgtUvZaahHoY1htnJlul30EjDgQhmQSqU0= X-Received: by 10.84.129.97 with SMTP id 88mr36710418plb.230.1512956004388; Sun, 10 Dec 2017 17:33:24 -0800 (PST) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Sender: freemanrich@gmail.com Received: by 10.100.151.169 with HTTP; Sun, 10 Dec 2017 17:33:23 -0800 (PST) In-Reply-To: <5A2DA069.9070305@youngman.org.uk> References: <20171207223545.GC18433@tp> <5A29D35D.1040901@youngman.org.uk> <1963563.zU3MYjX5FE@eve> <5A2C2B44.6060802@youngman.org.uk> <5A2D024C.2050301@youngman.org.uk> <5A2DA069.9070305@youngman.org.uk> From: Rich Freeman Date: Sun, 10 Dec 2017 20:33:23 -0500 X-Google-Sender-Auth: PE1mxzL9F5ZDjxvPX6dhUbS0Xrw Message-ID: Subject: Re: [gentoo-user] OT: btrfs raid 5/6 To: gentoo-user@lists.gentoo.org Content-Type: text/plain; charset="UTF-8" X-Archives-Salt: e6376e0a-3b52-4618-8724-ffd5bd2ffd65 X-Archives-Hash: 28b583693a2620c32ed679f931179f53 On Sun, Dec 10, 2017 at 4:00 PM, Wols Lists wrote: > > So the OP needs to be aware that, if his file is smaller than the chunk > size, then it *will* be recoverable from a disk pulled from an array, be > it md-raid or zfs. > > The question is, then, how big is a chunk? And if zfs is anything like > md-raid, it will be a lot bigger than the 512B or 4KB that a naive user > would think. > I suspect the data is striped/chunked/etc at a larger scale. However, I'd really go a step further. Unless a filesystem or block layer is explicitly designed to prevent the retrieval of data without a key/etc, then I would not rely on something like this for security. Even actual encryption systems can have bugs that render them vulnerable. Something that at best provides this kind of security "by accident" is not something you should rely on. Data might be stored in journals, or metadata, or unwiped free space, or in any number of ways that makes it possible to retrieve even if it isn't obvious from casual inspection. If you don't want somebody recovering data from a drive you're disposing of, then you should probably be encrypting that drive one way or another with a robust encryption layer. That might be built into the filesystem, or it might be a block layer. If you're desperate I guess you could use the SMART security features provided by your drive firmware, which probably work, but which nobody can really vouch for but the drive manufacturer. Any of these are going to provide more security that relying on RAID striping to make data irretrievable. If you really care about security, then you're going to be paranoid about the tools that actually are designed to be secure, let alone the ones that aren't. -- Rich