Choosing a value for the ZFS encryption property
By DarrenMoffat on Nov 16, 2010
The 'on' value for the ZFS encryption property maps to 'aes-128-ccm', because it is the fastest of the 6 available
modes of encryption currently provided and is believed to provide sufficient security for many deployments. Depending on the filesystem/zvol workload you may not be able to notice (or care if you do notice) the difference between the AES key lengths and modes. However note that at this time I believe the collective wisdom in the cryptography community appears to be to recommend AES128 over AES256. [Note that this is not a statement of Oracle's endorsement or verification of that research].
Both CCM and GCM are provided so that if one turns out to have flaws, and modes of an encryption algorithm some times do have flaws independent of the base algorithm, hopefully the other will still be available for use safely.
On systems without hardware/cpu support for Galios multiplication (for example Intel Westmere or SPARC T3) GCM will be slower because the Galios field multiplication has to happen in software without any hardware/cpu assist. However depending on your workload you might not even notice the difference between CCM and GCM.
One reason you may want to select aes-128-gcm rather than aes-128-ccm is that GCM is one of the modes for AES in NSA Suite B but CCM is not.
ZFS encryption was designed and implemented to be extensible to new algorithm/mode combinations for data encryption and key wrapping.
Are there symmetric algorithms, for data encryption, other than AES that are of interest?
The wrapping key algorithm currently matches the data encryption key algorithm, is there interest in providing different wrapping key algorithms and configuration properties for selecting which one ? For example doing key wrapping with an RSA keypair/certificate ?
[Note this is not a commitment from Oracle to implementing/providing any suggested additions in any release of any product but if there are others of interest we would like to know so they can be considered.]