Date: Wed, 18 Jun 2008 21:16:14 -0500 (CDT) From: Greg Rivers <gcr@tharned.org> To: RW <fbsd06@mlists.homeunix.com> Cc: freebsd-geom@freebsd.org Subject: Re: Is geli detectable? Message-ID: <alpine.BSF.1.10.0806182101330.16812@nc8000.tharned.org> In-Reply-To: <20080618225407.1337ad03@gumby.homeunix.com.> References: <20080618225407.1337ad03@gumby.homeunix.com.>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 18 Jun 2008, RW wrote: > Is it possible to tell the difference between a geli partition and a > partition filled with random data? Assuming that the geli partition was > prefilled from /dev/random before the "geli init". > All but the last sector will indeed appear to be more or less random data. But the last sector contains the geli metadata, and thus a distinction can be made. You can prove this by running `geli dump <provider>` when the provider is not attached (decrypted), or by otherwise inspecting the last sector. -- Greg Rivers
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.1.10.0806182101330.16812>