# Compression AND encryption



## wayward (Dec 18, 2008)

I'am running FreeBSD on my 2 servers with encryption and works like a charm. But i would like to go one step further! Is it possible to encrypt and compress a drive? Like Geli does, typin password at boot-up? 

Or is it already possible and i just don't know the name? :stud


----------



## graudeejs (Dec 18, 2008)

function is called search
the results would be
https://forums.freebsd.org/showthread.php?t=184

To encrypt entire disk, easiest way is to use boot flash (if computer support booting from usb)
you need to make bootable slice (you can do it with sysinstall)
then copy /boot/kernel and make /etc/fstab on usb flash
That's it
you can add keys to flash etc etc

read the post and read posts given in links
it covers it all.
if anything i will answer.

btw. i'm using full drive encryption


----------



## graudeejs (Dec 18, 2008)

i don't know any method that would allow this atm


----------



## graudeejs (Dec 18, 2008)

http://www.freebsd.org/cgi/man.cgi?query=geom_uzip&sektion=4
could this be useful to you?
you can put this on top of geom_eli, but it's read-only solution

haven't tried though


----------



## lme@ (Dec 19, 2008)

It is possible with ZFS compression and geli.


----------



## wayward (Dec 23, 2008)

lme@ said:
			
		

> It is possible with ZFS compression and geli.



Sounds interesting, could you tell me where i can find more? In Google i find alot of forum topics without a real answer.

Or is it possible to give a password to ZFS, thats fine for me too.


----------



## graudeejs (Dec 23, 2008)

wayward said:
			
		

> Sounds interesting, could you tell me where i can find more? In Google i find alot of forum topics without a real answer.
> 
> Or is it possible to give a password to ZFS, thats fine for me too.



[i haven't tried but this should work]
make encrypted disk/slice/laber with geom_eli and on top of that (when it's attached) put zfs....

you can use keys and/or password to encrypt drive. Also you can make it ask for password and/or key at boot


----------



## fender0107401 (Dec 23, 2008)

I am curious about the result, maybe it will degrade the system performance.


----------



## graudeejs (Dec 23, 2008)

fender0107401 said:
			
		

> I am curious about the result, maybe it will degrade the system performance.



using encryption will always degrade performance a bit.
But it all depends on hardware, and algorithms used


----------



## lme@ (Dec 23, 2008)

I was surprised that my 500 MHz GEODE CPU on an Alix Board was only at 44% CPU utilization when I copied some GB to a geli encrypted drive, so the performance drop is not sooo much.


----------



## fender0107401 (Dec 23, 2008)

Good news, before this I think the hard_disk encryption will consume many resource.
Now I know that for modern computer it is acceptable.


----------



## graudeejs (Dec 23, 2008)

fender0107401 said:
			
		

> Good news, before this I think the hard_disk encryption will consume many resource.
> Now I know that for modern computer it is acceptable.



I use full HDD encryption on my 4-5year old PC.
Didn't noticed any difference in performance


----------



## wayward (Dec 23, 2008)

I too use Geli encryption (24 character password) on my pentium III 500 MHZ, on a 2GB RAID Drive.  And sometimes i get a 74% CPU peak but thats it. So Its time to drive it further! What amazes me further that i never expierenced any errors. In windows i'am scared about these things....!!!

I found the following manual:
http://www.ish.com.au/solutions/articles/freebsdzfs

When i add another GB i will try this on my backup server and if it works out i will add it to my primairy server.


----------



## syadnom (Dec 26, 2008)

The compression will compound the issue.  You may notice that encryption does not eat up your entire cpu because you may be running into an i/o or bandwidth limitation on the disks.  If you encrypt a ramdisk, every access will peg the cpu because there will be no disk bottleneck..  

Compression is going to add another layer of cpu usage, but it will also use less disk bandwidth (because the files are smaller on disk) which will cause you to use more cpu for encryption(again, no disk bottleneck).  You will trade a disk bottleneck for a cpu bottleneck.

lzof compression on zfs can use 100% of ANY cpu that you throw at it if you have enough bandwidth.  I have an opensolaris, 10 disk zfs raidz2 array and lzof compression can peg 1 core of my 3ghz core2 quad (single thread) and a lot of disk access to compressed files can peg all 4 cores.  This is a good thing, id rather peg the cpu and get the operation completed!  The downside is that if you are trying to use the cpu for something else then performance will suffer.

is storage space so important on this system?  I dont know your system specs but this would be a bad idea on a p3 500mhz or less system, like the geod alix system in a previous post.  Your cpu will spend all of it's time reading and writing to the disk and no time doing any real work.


----------



## wayward (Dec 30, 2008)

In that case, i will not use it together. Thanx!


----------

