Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

ZFS encryption is much more space efficient than dmcrypt+unencrypted ZFS when combined with zstd compression. This is because it can do compress-then-encrypt instead of encrypt-then-(not-really-)compress. It is also much much faster.

Source: I work for a backup company that uses ZFS a lot.



Can you explain this in more detail? It doesn't seem true on a first glance.

If you enable compression on ZFS that runs on top of dmcrypt volume, it will naturally happen before encryption (since dmcrypt is the lower layer). It's also unclear how it could be much faster, since dmcrypt generally is bottlenecked on AES-NI computation (https://blog.cloudflare.com/speeding-up-linux-disk-encryptio...), which ZFS has to do too.


Oh my bad. I misread your comment. You are doing ZFS on top of dmcrypt, not dmcrypt images/volumes on top of ZFS.


It was my comment and yes indeed that's what I'm doing. Zfs on top of luks


I don't use compression anyway. I don't like the way that the storage pool capacity becomes variable then.


I don't understand. You don't like that some things compress better than others, saving a variable amount of space?


It also saves on wear


Using any file system that supports compression on top of LUKS does compression before encryption




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: