Date: Thu, 29 Jul 2010 14:52:44 +0200 From: Roland Smith <rsmith@xs4all.nl> To: Jozsi Vadkan <jozsi.avadkan@gmail.com> Cc: FreeBSD Mailing list <freebsd-questions@freebsd.org> Subject: Re: encrypt whole system using zfs Message-ID: <20100729125244.GA22971@slackbox.erewhon.net> In-Reply-To: <1280402779.4287.16.camel@localhost> References: <1280402779.4287.16.camel@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
--jI8keyz6grp/JLjh Content-Type: text/plain; charset=iso-8859-15 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Jul 29, 2010 at 01:26:19PM +0200, Jozsi Vadkan wrote: > With dm_crypt&lvm, i can install a Debian [in sraid1], that has only the > mbr & the "/boot" unencrypted.=20 >=20 > So if someone steals the server/hdds, it can't do anything to them. > That's ok. They can wipe the harddrive and re-sell the machine or parts, which is what most thieves are interested in, I suspect. > I'm a newbie to FreeBSD, and I want to use it in the future. I'm looking > for these "features", that i mentioned above. IMHO, it is a bad idea to encrypt the standard OS data and files, because t= his potentially gives an attacker a lot of "known plaintext" to attack the encryption!=20 It is better to put your data (and only your data) on a separate partition = and encrypt that with geli(8). Also, read =A718.16.2 of the FreeBSD handbook th= at deals with geli encryption. > So, if someone has a little time, can someone post just a few > howtos/links, how to do this? Here you go: http://www.xs4all.nl/~rsmith/unix/encryption.xhtml Roland --=20 R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) --jI8keyz6grp/JLjh Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (FreeBSD) iEYEARECAAYFAkxReZwACgkQEnfvsMMhpyUQDQCfdoWGrTpitMCEkiOuS+jGbbfC px8AoI1QbNBgl553LjjpLIzaBl/ykPdl =U9Ep -----END PGP SIGNATURE----- --jI8keyz6grp/JLjh--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100729125244.GA22971>