Recent comments on posts in the blog:

For performance ideas, have a look at Dan Langille's results. He has looked much more at this than I have.
Comment by fj Mon Feb 25 11:21:17 2013

Performance depends on your CPU. If it can not encrypt/decrypt the data fast enough, you are going to wait on it.

My home server is a HP MicroServer N36L. It has an Atom-like dual core CPU, running at 1.3GHz. Not a speedmonster in any way. 4 drives attached, running raidz1.

I can read around 55MB/s from the encrypted ZFS. While doing this, the CPU is maxed out.

If your server has a modern high performance CPU, you will be able to saturate a 1Gb link with no problem.

Comment by fj Fri Feb 22 18:41:17 2013

I've been considering converting my Windows Server 2008r2 setup with 6x3TB in raid 5 to a ZFS built with encryption. So i'd be using FreeBSD 9.1 + GELI + ZFS raidz1 or z2 pool.

What kind of performance can I expect? Can I easily saturate a 1 gbit connection? And how much CPU does it use? Is the performance cpu or hdd bound? And if so, which cpu do you use?

Hopefully you can give me some more insight.

Thanks

Comment by sukosevato Mon Feb 18 01:24:17 2013

(Sorry about the delay. I have not yet set up monitoring of the comment moderation queue. UPDATE: This has been fixed now)

I do not understand why you would want more than 3 parity disks. The ability to loose 3 disks before loosing data is pretty OK. Are you sure that you are not confusing the number of disks in the pool with the number of parity disks?

As for truecrypt, you might be looking for /usr/ports/security/truecrypt

Comment by fj Thu Aug 30 22:41:17 2012

Hi,

Thank you for documenting this experiment/observation with others. I really appreciate it. I am a bsd noob trying to covert my system to bsd and very much interested in encrypted zfs. I read somewhere that zfs only supports up to 3 raidz parity disks as I found out here -> https://blogs.oracle.com/ahl/entry/what_is_raid_z and so does most of the example I found on the net.

Another question, Are there any functionality/programs like truecrypt in bsd where I can hide partitions/(pools?) in bsd just like in linux/windows ?

Thank you again for a thoughtful write-up on encrypted zfs.

Comment by hafidz Thu Aug 16 17:09:35 2012

Tarsnap er fint for den paranoide geek.

rsnapshot for os knap så paranoide geeks

og gmail/dropbox/usb lignende løsninger for de resterende 99.9% af jordens befolkning

men off-site backup er generelt et godt råd

Dropbox er afgjort en god løsning for de fleste.
De sikkerheds issues der er ved servicen, er ikke relevante for de fleste almindelige brugere.

Man skal dog huske at den stjålne laptop vil have adgang til at slette data i dropbox.
Ikke noget der vil være et problem i de fleste situationer med en mistet laptop, men dog en pointe.

Comment by fj Tue Jun 7 15:26:54 2011

Jeg har også pushet https://www.dropbox.com/ til venner og bekendte. En nem måde at få taget en kopi og få den sendt væk fra computeren.

Sikkerheden for at amazon s3 så ikke smider vores data væk og sikkerheden mod at nogen læser mine filer....tjaeh tjoeh... Erfaringen viser at det er mere sandsynligt at min taske bliver stjålet :)

Nice post, but this comment is to confirm comment system is working.
Comment by http://www.tobez.org/ Tue Jun 7 10:22:46 2011
comment 3

Tak for info!

Jeg fandt så ud af at postdk har forsøgt at aflevere en mail siden i går om at min pakke ikke kunne være i døgnposten, men skulle afhentes på posthuset. Jeg har slået SMSer til, men de mener åbenbart ikke at den slags beskeder skal sendes via SMS, og nu er posthuset lukket, så jeg kan få lov at vente til mandag.

Comment by Andreas Plesner Jacobsen Sat Jan 9 17:08:42 2010