From owner-freebsd-questions@FreeBSD.ORG Mon Sep 1 21:32:42 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id CE8EE7C7 for ; Mon, 1 Sep 2014 21:32:42 +0000 (UTC) Received: from mail-we0-x235.google.com (mail-we0-x235.google.com [IPv6:2a00:1450:400c:c03::235]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 652C214B4 for ; Mon, 1 Sep 2014 21:32:42 +0000 (UTC) Received: by mail-we0-f181.google.com with SMTP id x48so6072275wes.12 for ; Mon, 01 Sep 2014 14:32:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20120113; h=date:from:to:subject:message-id:in-reply-to:references:mime-version :content-type:content-transfer-encoding; bh=mLzVo8tHpTUjkMBwpf8i2bvxJCz8pIj0IodGIBAzj4Q=; b=zFNn4VarRnPttmL7BWA/ciaotoafyiP+CTT9KQm+PL0ZrobmxMHK+LdAKSTslj7BZz lrHkpsta8ZFQz8I+CvEAJkHcHRHo72sLKAQJHBUpzhZkIIA7HwY4ts1zm4Vnupow11i0 gu6DGquDTLUR2MxifyG9CRZhTYTMffjVxVO18rNm4Eqz28os2TK7vvRat9XEVGPJFHPL xQ5aQBNGqQ7yrEv6utfmtXj0RQDQSX9Wx1C4sdv6achWZW42mWYU678LUPF2mUs9TLo0 +rLUTOax16m1tVGMwslwQmtHIl9VoBxOh+efSH3gFnWCvFU5P1gvlGsJt/5YK+fXeEDe KW0Q== X-Received: by 10.194.81.230 with SMTP id d6mr35116006wjy.49.1409607160687; Mon, 01 Sep 2014 14:32:40 -0700 (PDT) Received: from gumby.homeunix.com (5ec2dc90.skybroadband.com. [94.194.220.144]) by mx.google.com with ESMTPSA id v4sm4818277wjv.6.2014.09.01.14.32.39 for (version=SSLv3 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 01 Sep 2014 14:32:39 -0700 (PDT) Date: Mon, 1 Sep 2014 22:32:38 +0100 From: RW To: freebsd-questions@freebsd.org Subject: Re: best solution for encrypting a mountpoint? Message-ID: <20140901223238.4ea8f171@gumby.homeunix.com> In-Reply-To: References: <540341C8.2040003@tysdomain.com> <201408311611.s7VGBVP9050225@fire.js.berklix.net> X-Mailer: Claws Mail 3.10.1 (GTK+ 2.24.22; amd64-portbld-freebsd10.0) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Sep 2014 21:32:42 -0000 On Sun, 31 Aug 2014 11:48:57 -0500 Adam Vande More wrote: > Additionally I prefer geli over gbde since it supports a wider > variety of feature and is perhaps more secure. See the corresponding > handbook and man pages for details. I think it's unfortunate that the handbook gives so much prominence to gbde. Most people using it switched to geli when it came out, and it doesn't seemed have any development since then. I don't see any good reason to put it on a new partition, geli is better all round.