Date:      Tue, 21 Apr 2009 00:59:46 +0300
From:      Giorgos Keramidas <keramida@ceid.upatras.gr>
To:        Bernt Hansson <bernt@bah.homeip.net>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Encrypted slice with geli
Message-ID:  <87zlebc7fx.fsf@kobe.laptop>
In-Reply-To: <49ECCF4E.3060104@bah.homeip.net> (Bernt Hansson's message of "Mon, 20 Apr 2009 21:38:54 +0200")
References:  <49ECCF4E.3060104@bah.homeip.net>

On Mon, 20 Apr 2009 21:38:54 +0200, Bernt Hansson <bernt@bah.homeip.net> wrote:
> Hello list!
>
> I was thinking of making a slice encrypted with geli.
>
> My question is: does geli init -s 4096 /dev/ad* erase the data on the
> slice? The handbook didn't say yes or no, and I don't want to try
> without asking.

No, but if you plan to use geli to encrypt data that will end up on the
slice it may be a useful thing to:

  a) keep a backup copy of the data in its unencrypted form

  b) overwrite the entire partition with random bytes (increased entropy
     means that it is harder to 'attack' the final encrypted data stream
     when geli starts writing over parts of the encrypted slice)

  c) attach the randomized partition with geli

  d) newfs the xxx.eli device
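
The steps a) to d) above as a FreeBSD sh sketch. This is an added example, not part of the original message: the provider name `ad4s1d`, the mount point and the backup path are hypothetical, and the `geli init -s 4096` from the question is placed before the attach, which the reply does not spell out. It only prints the commands unless DRY_RUN=0 is set.

```shell
#!/bin/sh
# Added example, not from the original message. Names below are hypothetical.
# Prints the command plan by default; set DRY_RUN=0 to really execute it.

run() {
    if [ "${DRY_RUN:-1}" = "0" ]; then "$@"; else echo "$*"; fi
}

encrypt_slice() {
    prov=$1 mnt=$2 backup=$3
    # Accept only a bare device name: no path components, and never an
    # already-attached .eli provider (that would overwrite live ciphertext).
    case $prov in
        ""|*.eli|*[!A-Za-z0-9._]*) echo "bad provider: $prov" >&2; return 2 ;;
    esac
    [ -n "$mnt" ] && [ -n "$backup" ] || {
        echo "usage: encrypt_slice provider mountpoint backup.tar" >&2; return 2; }

    # a) unencrypted backup; $backup must live on a different disk.
    run tar -cpf "$backup" -C "$mnt" . || return 1
    run umount "$mnt" || return 1
    # b) fill the slice with random bytes. dd exits non-zero when it hits
    #    the end of the device, which is the expected way for this to stop.
    run dd if=/dev/random of="/dev/$prov" bs=1m || true
    # c) write the geli metadata (sector size from the question), then attach;
    #    both commands prompt for the passphrase.
    run geli init -s 4096 "/dev/$prov" || return 1
    run geli attach "/dev/$prov" || return 1
    # d) new filesystem on the encrypted provider, then restore the backup.
    run newfs "/dev/$prov.eli" || return 1
    run mount "/dev/$prov.eli" "$mnt" || return 1
    run tar -xpf "$backup" -C "$mnt"
}

# Constructed sample invocation (dry run: prints the eight commands).
encrypt_slice ad4s1d /mnt/data /backup/data.tar
```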



