From owner-freebsd-questions@FreeBSD.ORG Thu Dec 14 22:45:31 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 58E0116AA1B for ; Thu, 14 Dec 2006 22:45:30 +0000 (UTC) (envelope-from wojtek@tensor.3miasto.net) Received: from chylonia.3miasto.net (chylonia.3miasto.net [213.192.74.6]) by mx1.FreeBSD.org (Postfix) with ESMTP id 58C4144066 for ; Thu, 14 Dec 2006 22:42:06 +0000 (GMT) (envelope-from wojtek@tensor.3miasto.net) Received: from chylonia.3miasto.net (localhost [127.0.0.1]) by chylonia.3miasto.net (8.13.4/8.13.4) with ESMTP id kBEMh8g9033195; Thu, 14 Dec 2006 23:43:08 +0100 (CET) (envelope-from wojtek@tensor.3miasto.net) Received: from localhost (wojtek@localhost) by chylonia.3miasto.net (8.13.4/8.13.4/Submit) with ESMTP id kBEMh7Rh033192; Thu, 14 Dec 2006 23:43:08 +0100 (CET) (envelope-from wojtek@tensor.3miasto.net) X-Authentication-Warning: chylonia.3miasto.net: wojtek owned process doing -bs Date: Thu, 14 Dec 2006 23:43:07 +0100 (CET) From: Wojciech Puchar X-X-Sender: wojtek@chylonia.3miasto.net To: Fabian Keil In-Reply-To: <20061214132434.5ac20b82@localhost> Message-ID: <20061214234003.L32744@chylonia.3miasto.net> References: <457C686E.5050504@locolomo.org> <20061214132434.5ac20b82@localhost> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-questions@freebsd.org Subject: Re: How safe is encrypted disks? (data integrity) X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Dec 2006 22:45:31 -0000 > >> I have been thinking to make /home on my laptop encrypted - seems like a >> good idea if it gets stolen. Now, how safe is this? Not in terms of the >> strength of the encryption algorithm, but in terms of integrity. > > I have no insight on the code, but as nobody else answered, > my response may be better than nothing. as safe as unencrypted unless you won't forget password. if just perform encryption before writing sector, and decryption after reading - so it's as safe as underlaying hardware. while i'm using gbde not geli, it's true too IMHO. > I experienced several system crashes and one or two power failures > do to empty battery but I didn't lose any data already saved > on the disk (that I know of). exactly will behave as crash on unencrypted partition.