Date: Mon, 14 Jan 2008 21:15:37 +0000 From: RW <fbsd06@mlists.homeunix.com> To: freebsd-geom@freebsd.org Subject: Re: how-to: encryption + journaling (geli + gjournal) Message-ID: <20080114211537.1f8ed0ff@gumby.homeunix.com.> In-Reply-To: <478B5F8A.7090408@vwsoft.com> References: <478A93BF.4070404@vwsoft.com> <20080114011412.33a91fac@gumby.homeunix.com.> <478B5F8A.7090408@vwsoft.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 14 Jan 2008 13:11:38 +0000 Volker <volker@vwsoft.com> wrote: > On 12/23/-58 19:59, RW wrote: > > It would probably be faster to fill /dev/ad0s1d from /dev/random > > before doing the geli init - there's no point in encrypting the > > random numbers. It would also ensure that the whole of ad0s1d is > > pre-filled, and not just the part accessible as ad0s1d.eli. > > If you think it doesn't make sense or is a fault, please file a PR as > filling the data provider with random data has been taken from the > manpage geli(8). It's only an example. > > Otherwise I'm considering this being a bike shed. > > If you know it better, I'm wondering why you haven't written a how to > in the past? There's no need to be rude, I'm only trying to help. In my experience writing from /dev/random to a raw partition is almost twice as fast as writing to an .eli device - essentially it's single verses double encryption. I recently filled a raw partition on a 500GB drive and it took 6 hours, doing it on the eli device would have taken about 11 hours. I think you'd have to have a lot of time on your hands to consider this a bike shed.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080114211537.1f8ed0ff>