From: "Chad Gross"
To: "Fabian Keil"
Cc: freebsd-questions@freebsd.org
Date: Thu, 14 Dec 2006 08:25:06 -0500
Subject: Re: How safe is encrypted disks? (data integrity)

On 12/14/06, Fabian Keil wrote:
>
> Erik Norgaard wrote:
>
> > I have been thinking to make /home on my laptop encrypted - seems like a
> > good idea if it gets stolen. Now, how safe is this? Not in terms of the
> > strength of the encryption algorithm, but in terms of integrity.
>
> I have no insight on the code, but as nobody else answered,
> my response may be better than nothing.
>
> > What happens in case of power failure, the battery runs out or system
> > crashes for whatever reason?
>
> I have my home slice encrypted with GELI for several months now
> and so far I didn't notice any effects on the data integrity.
>
> I experienced several system crashes and one or two power failures
> due to empty battery but I didn't lose any data already saved
> on the disk (that I know of).
>
> The only inconvenience is that the system boots to single-user
> mode if the home slice isn't clean and I then have to fsck it
> manually.
>
> At that point the password for the key is already entered,
> so I'm not sure why the slice can't be fscked automatically.
> It could be the .eli extension, but I didn't investigate this
> any further.
>
> Fabian
> --
> http://www.fabiankeil.de/
>

Erik,

I also use geli and it works great. I have had power failures as well and
have not lost any data upon reboot.

Fabian,

Yes, the manual fsck is a pain. I am not sure why it has to be done manually
either, but I don't think it is just the .eli extension. Did you notice you
have to specify that it is UFS as well?

Another thing to consider is the performance hit when using geli with a high
encryption. I have mine set to the highest (I think) bit possible and when
transferring anything ~500MB+ it lags the system a bit to do the encryption.

Chad