Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 5 Feb 2013 11:48:48 +0100
From:      mhca12 <mhca12@gmail.com>
To:        kpneal@pobox.com
Cc:        freebsd-questions@freebsd.org
Subject:   Re: geli overhead?
Message-ID:  <CAHUOman0bnOjnPtGZht-ifEmBbTH5JAH5jU9We_JB9xc9LwhrA@mail.gmail.com>
In-Reply-To: <20130204234451.GA82043@neutralgood.org>
References:  <CAHUOmamYud7md9=5yYfWvEsQZUWKHgPRUdwhUpaNae71B-nxvA@mail.gmail.com> <abe71e782475fd98aef8e77721e3be9b@dweimer.net> <CAHUOmanYfr2B0sM%2B4mtzJnwyAWXf7uLTWF8mKWSMpiqJcg6fgQ@mail.gmail.com> <20130204234451.GA82043@neutralgood.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Tue, Feb 5, 2013 at 12:44 AM,  <kpneal@pobox.com> wrote:
> On Mon, Feb 04, 2013 at 10:25:33PM +0100, mhca12 wrote:
>> On Mon, Feb 4, 2013 at 10:19 PM, dweimer <dweimer@dweimer.net> wrote:
>> > On 02/04/2013 2:56 pm, mhca12 wrote:
>> >>
>> >> Is there some overhead associated with the geli setup as
>> >> described earlier?
>
>> >> Where did 21G from the 148G go?
>> >>
>> >> As suggested in dan.me.uk geli install guide I used geli init -a
>> >> HMAC/SHA256
>> >> and also ran dd if=/dev/zero of=/dev/gpt/enc.eli across the eli volume.
>
>> > Did you use the -a option when doing the geli init?
>> >
>> >
>> >  -a aalgo        Enable data integrity verification (authenti-
>> >                                 cation) using the given algorithm.  This
>> > will
>> >                                 reduce size of available storage and also
>> >                                 reduce speed.  For example, when using 4096
>> >                                 bytes sector and HMAC/SHA256 algorithm, 89%
>> > of
>> >                                 the original provider storage will be avail-
>> >                                 able for use.  Currently supported
>> > algorithms
>> >                                 are: HMAC/MD5, HMAC/SHA1, HMAC/RIPEMD160,
>> >                                 HMAC/SHA256, HMAC/SHA384 and HMAC/SHA512.
>> > If
>> >                                 the option is not given, there will be no
>> >                                 authentication, only encryption.  The recom-
>> >                                 mended algorithm is HMAC/SHA256.
>>
>> Yes I did (see above).
>>
>> Do I have to init the volume again to skip authentication?
>
> Probably yes.
>
>> Does skipping authentication also remove the requirement of
>> zeroing the whole eli disk for the checksums?
>
> Yes.

Thanks I'll reinstall the machine then.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAHUOman0bnOjnPtGZht-ifEmBbTH5JAH5jU9We_JB9xc9LwhrA>