From owner-freebsd-questions@FreeBSD.ORG Tue Feb 5 10:48:49 2013 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 877514DA for ; Tue, 5 Feb 2013 10:48:49 +0000 (UTC) (envelope-from mhca12@gmail.com) Received: from mail-ob0-f182.google.com (mail-ob0-f182.google.com [209.85.214.182]) by mx1.freebsd.org (Postfix) with ESMTP id 46FC9D5F for ; Tue, 5 Feb 2013 10:48:49 +0000 (UTC) Received: by mail-ob0-f182.google.com with SMTP id va7so7429305obc.13 for ; Tue, 05 Feb 2013 02:48:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=0YRB8UNoKNwiPOuTLu1mlvP0iSu+fxmT+ODZnYH4tHs=; b=I2axyzSQTwxrndP6+o6Q5G3b3FO8axA1LZZkHrdVPz89/pkRohxG0T/1JSeBPQDuR7 OSFQo5oWSREU03m8QdZ5SkevKHYwqRTrp0dJ5lPyflkFui3wo53b526wXzau5CW2vHuc cvAWed1m7j2h/BHzZQZxHnAJw042MnsuU/k1q4DQYtovwW7kahSV1WSPV5xyqXWoMK2s HgspZjxgWknDRyN30SRjqaTZvrs4HdJG/C4UKlDWidKJP9bqDKmQkLAUhVh4baIdSnRe USNK5rKNeBn0XLEqTVJDE97kg0RULt9k/dBbbLwWb5GYcWpRyORofDIoQvCtEMelMxMR PrVQ== MIME-Version: 1.0 X-Received: by 10.182.8.70 with SMTP id p6mr17598596oba.90.1360061328654; Tue, 05 Feb 2013 02:48:48 -0800 (PST) Received: by 10.76.34.73 with HTTP; Tue, 5 Feb 2013 02:48:48 -0800 (PST) In-Reply-To: <20130204234451.GA82043@neutralgood.org> References: <20130204234451.GA82043@neutralgood.org> Date: Tue, 5 Feb 2013 11:48:48 +0100 Message-ID: Subject: Re: geli overhead? From: mhca12 To: kpneal@pobox.com Content-Type: text/plain; charset=ISO-8859-1 Cc: freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Feb 2013 10:48:49 -0000 On Tue, Feb 5, 2013 at 12:44 AM, wrote: > On Mon, Feb 04, 2013 at 10:25:33PM +0100, mhca12 wrote: >> On Mon, Feb 4, 2013 at 10:19 PM, dweimer wrote: >> > On 02/04/2013 2:56 pm, mhca12 wrote: >> >> >> >> Is there some overhead associated with the geli setup as >> >> described earlier? > >> >> Where did 21G from the 148G go? >> >> >> >> As suggested in dan.me.uk geli install guide I used geli init -a >> >> HMAC/SHA256 >> >> and also ran dd if=/dev/zero of=/dev/gpt/enc.eli across the eli volume. > >> > Did you use the -a option when doing the geli init? >> > >> > >> > -a aalgo Enable data integrity verification (authenti- >> > cation) using the given algorithm. This >> > will >> > reduce size of available storage and also >> > reduce speed. For example, when using 4096 >> > bytes sector and HMAC/SHA256 algorithm, 89% >> > of >> > the original provider storage will be avail- >> > able for use. Currently supported >> > algorithms >> > are: HMAC/MD5, HMAC/SHA1, HMAC/RIPEMD160, >> > HMAC/SHA256, HMAC/SHA384 and HMAC/SHA512. >> > If >> > the option is not given, there will be no >> > authentication, only encryption. The recom- >> > mended algorithm is HMAC/SHA256. >> >> Yes I did (see above). >> >> Do I have to init the volume again to skip authentication? > > Probably yes. > >> Does skipping authentication also remove the requirement of >> zeroing the whole eli disk for the checksums? > > Yes. Thanks I'll reinstall the machine then.