From owner-freebsd-questions@FreeBSD.ORG Thu Dec 14 16:24:07 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 64D4016A8D4 for ; Thu, 14 Dec 2006 16:24:07 +0000 (UTC) (envelope-from hugo@barafranca.com) Received: from mail.barafranca.com (mail.barafranca.com [67.19.101.164]) by mx1.FreeBSD.org (Postfix) with ESMTP id 353BD43D9F for ; Thu, 14 Dec 2006 16:20:18 +0000 (GMT) (envelope-from hugo@barafranca.com) Received: from localhost (localhost [127.0.0.1]) by mail.barafranca.com (Postfix) with ESMTP id AA3F9C4315 for ; Thu, 14 Dec 2006 16:35:27 +0000 (UTC) Received: from mail.barafranca.com ([67.19.101.164]) by localhost (mail.barafranca.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 80530-10 for ; Thu, 14 Dec 2006 16:34:49 +0000 (UTC) Received: from [192.168.0.1] (a213-22-26-61.cpe.netcabo.pt [213.22.26.61]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.barafranca.com (Postfix) with ESMTP id 2A027C40AE for ; Thu, 14 Dec 2006 16:34:48 +0000 (UTC) Message-ID: <45817A15.1030405@barafranca.com> Date: Thu, 14 Dec 2006 16:21:41 +0000 From: Hugo Silva User-Agent: Thunderbird 1.5.0.7 (X11/20061007) MIME-Version: 1.0 To: freebsd-questions@freebsd.org References: <457C686E.5050504@locolomo.org> <20061214132434.5ac20b82@localhost> <17489c7a0612140525i46b19403k96ac866be59ca951@mail.gmail.com> In-Reply-To: <17489c7a0612140525i46b19403k96ac866be59ca951@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: amavisd-new at barafranca.com X-Spam-Status: No, score=0 tagged_above=-1 required=4 tests=[none] X-Spam-Score: 0 X-Spam-Level: Subject: Re: How safe is encrypted disks? (data integrity) X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Dec 2006 16:24:07 -0000 Chad Gross wrote: > On 12/14/06, Fabian Keil wrote: >> >> Erik Norgaard wrote: >> >> > I have been thinking to make /home on my laptop encrypted - seems >> like a >> > good idea if it gets stolen. Now, how safe is this? Not in terms of >> the >> > strength of the encryption algorithm, but in terms of integrity. >> >> I have no insight on the code, but as nobody else answered, >> my response may be better than nothing. >> >> > What happens in case of power failure, the battery runs out or system >> > crashes for whatever reason? >> >> I have my home slice encrypted with GELI for several month now >> and so far I didn't notice any effects on the data integrity. >> >> I experienced several system crashes and one or two power failures >> do to empty battery but I didn't lose any data already saved >> on the disk (that I know of). >> >> The only inconvenience is that the system boots to single-user >> mode if the home slice isn't clean and I then have to fsck it >> manually. >> >> At that point the password for the key is already entered, >> so I'm not sure why the slice can't be fscked automatically. >> It could be the .eli extension, but I didn't investigate this >> any further. >> >> Fabian >> -- >> http://www.fabiankeil.de/ >> >> >> > Erik, > > I also use geli and it works great. I have had power failures as well and > have not lost any data upon reboot. > > Fabian, > > Yes the manual fsck is a pain. I am not sure why it has to be done > manually > either, but I don't think it is just the .eli extension. Did you > notice you > have to specify that it is UFS as well? > > > > Another thing to consider is the performance hit when using geli with > a high > encryption. I have mine set to the highest (I think) bit possible and > when > transferring anything ~500MB+ it lags the system a bit to do the > encryption. > > > Chad > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" Just another reply to say it works fine, I have a /private partition on my laptop using GELI for months, without any problems. Since it's not /home (so, not automounted), I have a little script to mount it, which includes a fsck (with some special flags, I'd have to turn the laptop on as I don't remember them, but man fsck should reveal them right away). Hugo