Date: Thu, 14 Dec 2006 16:21:41 +0000
From: Hugo Silva <hugo@barafranca.com>
To: freebsd-questions@freebsd.org
Subject: Re: How safe is encrypted disks? (data integrity)
Message-ID: <45817A15.1030405@barafranca.com>
In-Reply-To: <17489c7a0612140525i46b19403k96ac866be59ca951@mail.gmail.com>
References: <457C686E.5050504@locolomo.org> <20061214132434.5ac20b82@localhost> <17489c7a0612140525i46b19403k96ac866be59ca951@mail.gmail.com>

Chad Gross wrote:
> On 12/14/06, Fabian Keil <freebsd-listen@fabiankeil.de> wrote:
>>
>> Erik Norgaard <norgaard@locolomo.org> wrote:
>>
>> > I have been thinking to make /home on my laptop encrypted - seems like a
>> > good idea if it gets stolen. Now, how safe is this? Not in terms of the
>> > strength of the encryption algorithm, but in terms of integrity.
>>
>> I have no insight on the code, but as nobody else answered,
>> my response may be better than nothing.
>>
>> > What happens in case of power failure, the battery runs out or system
>> > crashes for whatever reason?
>>
>> I have my home slice encrypted with GELI for several months now
>> and so far I didn't notice any effects on the data integrity.
>>
>> I experienced several system crashes and one or two power failures
>> due to empty battery but I didn't lose any data already saved
>> on the disk (that I know of).
>>
>> The only inconvenience is that the system boots to single-user
>> mode if the home slice isn't clean and I then have to fsck it
>> manually.
>>
>> At that point the password for the key is already entered,
>> so I'm not sure why the slice can't be fscked automatically.
>> It could be the .eli extension, but I didn't investigate this
>> any further.
>>
>> Fabian
>> --
>> http://www.fabiankeil.de/
>>
> Erik,
>
> I also use geli and it works great. I have had power failures as well and
> have not lost any data upon reboot.
>
> Fabian,
>
> Yes the manual fsck is a pain. I am not sure why it has to be done manually
> either, but I don't think it is just the .eli extension. Did you notice you
> have to specify that it is UFS as well?
>
> Another thing to consider is the performance hit when using geli with a high
> encryption. I have mine set to the highest (I think) bit possible and when
> transferring anything ~500MB+ it lags the system a bit to do the encryption.
>
> Chad

Just another reply to say it works fine, I have a /private partition on
my laptop using GELI for months, without any problems.

Since it's not /home (so, not automounted), I have a little script to
mount it, which includes a fsck (with some special flags, I'd have to
turn the laptop on as I don't remember them, but man fsck should reveal
them right away).

Hugo
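
A mount script of the kind described in the message above, as an added example that is not part of the original e-mail and is not Hugo's script. The device name `/dev/ad0s1g`, the `DRYRUN` switch and the function names are assumptions, and the fsck flags shown (`-t ufs` as mentioned in the thread, `-p` to preen) are one reasonable choice, not necessarily the ones his script used.

```sh
#!/bin/sh
# Added example (not from the thread): attach, check, then mount a GELI volume.
PROVIDER="${PROVIDER:-/dev/ad0s1g}"   # assumed partition; use your own
MOUNTPOINT="${MOUNTPOINT:-/private}"  # mount point named in the message
DRYRUN="${DRYRUN:-1}"                 # 1 = only print the commands

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRYRUN" = 1 ]; then echo "$*"; else "$@"; fi
}

mount_private() {
    eli="${PROVIDER}.eli"
    # Attach only when the decrypted node is absent; geli prompts for the passphrase.
    [ -e "$eli" ] || run geli attach "$PROVIDER" || return 1
    # Name the filesystem type explicitly (see Chad's remark); -p preens,
    # i.e. repairs only safe inconsistencies and fails on anything worse.
    if ! run fsck -t ufs -p "$eli"; then
        echo "fsck could not clean $eli; check it by hand before mounting" >&2
        return 2   # leave the device attached for a manual fsck, never mount dirty
    fi
    run mount -t ufs "$eli" "$MOUNTPOINT" || return 3
}

umount_private() {
    # Detach after unmounting so the key is no longer held by the kernel.
    run umount "$MOUNTPOINT" && run geli detach "${PROVIDER}.eli"
}

case "${1:-}" in
    mount)  mount_private ;;
    umount) umount_private ;;
esac
```

Run it with `DRYRUN=0` and the argument `mount` or `umount` to execute the commands instead of printing them.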