Comment by jama211
4 days ago
In general I agree with you but there is one difference - a sneaky user with physical access can read it and _not_ change it, vs changing it. The latter is more detectable. But this is minor.
4 days ago
In general I agree with you but there is one difference - a sneaky user with physical access can read it and _not_ change it, vs changing it. The latter is more detectable. But this is minor.
Yeah. Unfortunately, ZFS encryption is missing a few creature comforts of something like LUKS. I've stuck with native OpenZFS mechanisms, though, to keep the complexity sprawl to a minimum.