Bacula-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Bacula-users] lto4 hardware compression doesn't work when encryprion on?

2015-11-09 13:32:07
Subject: Re: [Bacula-users] lto4 hardware compression doesn't work when encryprion on?
From: Phil Stracchino <phils AT caerllewys DOT net>
To: bacula-users AT lists.sourceforge DOT net
Date: Mon, 9 Nov 2015 13:30:40 -0500 
On 11/09/15 12:26, jstacey wrote:
> I recently enabled encryption in my bacula-fd.conf with these
> entries:
> 
> PKI Signatures = Yes PKI Encryption = Yes PKI Keypair =
> "/etc/bacula/client.pem" PKI Master Key = "/etc/bacula/master.cert"
> 
> The encryption works but now my LTO4 tapes can only store around
> 812MB instead of the usual 1.2 -> 1.4 TB  Is this normal?  I might
> enable gzip software compression but this is going to take a chunk
> out of my CPU. I read that it is also possible to enable hardware
> encryption on the drive. Maybe this method would allow me to keep
> using hardware compression? Thanks

This is inherent in how encryption and compression work.  Any good
encryption process should emit ciphertext that contains as little as
possible redundancy, because redundancy opens up possible methods to
attack the ciphertext.  However, compression *relies upon* redundancy.
With no redundancy, compression cannot work.  So ciphertext is generally
incompressible.  On the other hand, eliminating as much redundancy as
possible from cleartext before encrypting it effectively strengthens the
encryption.

So, if you are going to both compress AND encrypt, FIRST compress, THEN
encrypt.  If you encrypt first, you won't be able to compress the
result.  So if you're going to use software encryption, and also want to
use compression, you must use software compression *before* the
encryption stage.  You will not be able to employ hardware compression
on already-encrypted data.  There should be very little to no redundancy
left to compress out.


-- 
  Phil Stracchino
  Babylon Communications
  phils AT caerllewys DOT net
  phil AT co.ordinate DOT org
  Landline: 603.293.8485

------------------------------------------------------------------------------
Presto, an open source distributed SQL query engine for big data, initially
developed by Facebook, enables you to easily query your data on Hadoop in a 
more interactive manner. Teradata is also now providing full enterprise
support for Presto. Download a free open source copy now.
http://pubads.g.doubleclick.net/gampad/clk?id=250295911&iu=/4140
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Bacula-users] lto4 hardware compression doesn't work when encryprion on?, Bryn Hughes
Next by Date:  [Bacula-users] 7.2.0 storage daemon very chatty at end of media, Steven Falco
Previous by Thread:  Re: [Bacula-users] lto4 hardware compression doesn't work when encryprion on?, Bryn Hughes
Next by Thread:  [Bacula-users] 7.2.0 storage daemon very chatty at end of media, Steven Falco
Indexes:  [Date] [Thread] [Top] [All Lists]