From owner-freebsd-questions@FreeBSD.ORG Wed Jan 14 18:00:03 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A7CED1065705 for ; Wed, 14 Jan 2009 18:00:03 +0000 (UTC) (envelope-from rsmith@xs4all.nl) Received: from smtp-vbr4.xs4all.nl (smtp-vbr4.xs4all.nl [194.109.24.24]) by mx1.freebsd.org (Postfix) with ESMTP id 5830F8FC1B for ; Wed, 14 Jan 2009 18:00:01 +0000 (UTC) (envelope-from rsmith@xs4all.nl) Received: from slackbox.xs4all.nl (slackbox.xs4all.nl [213.84.242.160]) by smtp-vbr4.xs4all.nl (8.13.8/8.13.8) with ESMTP id n0EHxsJB018911; Wed, 14 Jan 2009 18:59:55 +0100 (CET) (envelope-from rsmith@xs4all.nl) Received: by slackbox.xs4all.nl (Postfix, from userid 1001) id B7061BA9A; Wed, 14 Jan 2009 18:59:54 +0100 (CET) Date: Wed, 14 Jan 2009 18:59:54 +0100 From: Roland Smith To: Johann Hasselbach Message-ID: <20090114175954.GC97086@slackbox.xs4all.nl> References: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="oJ71EGRlYNjSvfq7" Content-Disposition: inline In-Reply-To: X-GPG-Fingerprint: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 X-GPG-Key: http://www.xs4all.nl/~rsmith/pubkey.txt X-GPG-Notice: If this message is not signed, don't assume I sent it! User-Agent: Mutt/1.5.18 (2008-05-17) X-Virus-Scanned: by XS4ALL Virus Scanner Cc: freebsd-questions@freebsd.org Subject: Re: freebsd encrypted hard disk? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Jan 2009 18:00:04 -0000 --oJ71EGRlYNjSvfq7 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Jan 14, 2009 at 12:23:09PM -0500, Johann Hasselbach wrote: > I read the "encrypting disk partitions" section of the Handbook. What > is the preferred method nowdays, geli or gbde? Geli seems to be the preferred method these days. It is also what I use to encrypt my /home. It works without problems for me. A geli-encrypted device gets the extension .eli. The boot scripts handle it automatically when they see an .eli device in /etc/fstab. Depending on how you configured it you might have to give the passphrase. You can even encrypt your root directory, but in that case I think you'll need an unencrypted partition for /boot. > Is there another method that would be better? Depends on what you define as better. I don't think so. Geli is convenient and seems to work well. On modern machines the performance penalty is slight. It supports well-regarded encryption algorithms like AES and Blowfish. Roland --=20 R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) --oJ71EGRlYNjSvfq7 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (FreeBSD) iEYEARECAAYFAkluKBoACgkQEnfvsMMhpyUllQCeIbMQa3L3FSZIC6E2U7SNAUMj b7QAoJvVY05xerDYi3ncnRzANbPcqYCC =yHKI -----END PGP SIGNATURE----- --oJ71EGRlYNjSvfq7--