Compression AND encryption

wayward

New Member


Messages: 19

I'am running FreeBSD on my 2 servers with encryption and works like a charm. But i would like to go one step further! Is it possible to encrypt and compress a drive? Like Geli does, typin password at boot-up?

Or is it already possible and i just don't know the name? :stud
 

graudeejs

Son of Beastie

Reaction score: 694
Messages: 4,615

function is called search
the results would be
https://forums.freebsd.org/showthread.php?t=184

To encrypt entire disk, easiest way is to use boot flash (if computer support booting from usb)
you need to make bootable slice (you can do it with sysinstall)
then copy /boot/kernel and make /etc/fstab on usb flash
That's it
you can add keys to flash etc etc

read the post and read posts given in links
it covers it all.
if anything i will answer.

btw. i'm using full drive encryption
 

lme@

Administrator
Staff member
Administrator
Moderator
Developer

Reaction score: 295
Messages: 769

It is possible with ZFS compression and geli.
 
OP
OP
W

wayward

New Member


Messages: 19

lme@ said:
It is possible with ZFS compression and geli.
Sounds interesting, could you tell me where i can find more? In Google i find alot of forum topics without a real answer.

Or is it possible to give a password to ZFS, thats fine for me too.
 

graudeejs

Son of Beastie

Reaction score: 694
Messages: 4,615

wayward said:
Sounds interesting, could you tell me where i can find more? In Google i find alot of forum topics without a real answer.

Or is it possible to give a password to ZFS, thats fine for me too.
[i haven't tried but this should work]
make encrypted disk/slice/laber with geom_eli and on top of that (when it's attached) put zfs....

you can use keys and/or password to encrypt drive. Also you can make it ask for password and/or key at boot
 

graudeejs

Son of Beastie

Reaction score: 694
Messages: 4,615

fender0107401 said:
I am curious about the result, maybe it will degrade the system performance.
using encryption will always degrade performance a bit.
But it all depends on hardware, and algorithms used
 

lme@

Administrator
Staff member
Administrator
Moderator
Developer

Reaction score: 295
Messages: 769

I was surprised that my 500 MHz GEODE CPU on an Alix Board was only at 44% CPU utilization when I copied some GB to a geli encrypted drive, so the performance drop is not sooo much.
 

fender0107401

Well-Known Member

Reaction score: 11
Messages: 331

Good news, before this I think the hard_disk encryption will consume many resource.
Now I know that for modern computer it is acceptable. :)
 

graudeejs

Son of Beastie

Reaction score: 694
Messages: 4,615

fender0107401 said:
Good news, before this I think the hard_disk encryption will consume many resource.
Now I know that for modern computer it is acceptable. :)
I use full HDD encryption on my 4-5year old PC.
Didn't noticed any difference in performance
 
OP
OP
W

wayward

New Member


Messages: 19

I too use Geli encryption (24 character password) on my pentium III 500 MHZ, on a 2GB RAID Drive. :) And sometimes i get a 74% CPU peak but thats it. So Its time to drive it further! What amazes me further that i never expierenced any errors. In windows i'am scared about these things....!!!

I found the following manual:
http://www.ish.com.au/solutions/articles/freebsdzfs

When i add another GB i will try this on my backup server and if it works out i will add it to my primairy server.
 

syadnom

New Member

Reaction score: 1
Messages: 7

The compression will compound the issue. You may notice that encryption does not eat up your entire cpu because you may be running into an i/o or bandwidth limitation on the disks. If you encrypt a ramdisk, every access will peg the cpu because there will be no disk bottleneck..

Compression is going to add another layer of cpu usage, but it will also use less disk bandwidth (because the files are smaller on disk) which will cause you to use more cpu for encryption(again, no disk bottleneck). You will trade a disk bottleneck for a cpu bottleneck.

lzof compression on zfs can use 100% of ANY cpu that you throw at it if you have enough bandwidth. I have an opensolaris, 10 disk zfs raidz2 array and lzof compression can peg 1 core of my 3ghz core2 quad (single thread) and a lot of disk access to compressed files can peg all 4 cores. This is a good thing, id rather peg the cpu and get the operation completed! The downside is that if you are trying to use the cpu for something else then performance will suffer.

is storage space so important on this system? I dont know your system specs but this would be a bad idea on a p3 500mhz or less system, like the geod alix system in a previous post. Your cpu will spend all of it's time reading and writing to the disk and no time doing any real work.
 
Top