Date: Fri, 15 Dec 2006 15:46:11 +0100
From: Fabian Keil <freebsd-listen@fabiankeil.de>
To: freebsd-questions@freebsd.org
Subject: Re: How safe is encrypted disks? (data integrity)
Message-ID: <20061215154611.4ea2275c@localhost>
In-Reply-To: <17489c7a0612140525i46b19403k96ac866be59ca951@mail.gmail.com>
References: <457C686E.5050504@locolomo.org> <20061214132434.5ac20b82@localhost> <17489c7a0612140525i46b19403k96ac866be59ca951@mail.gmail.com>

"Chad Gross" <avatar4d@gmail.com> wrote:

> On 12/14/06, Fabian Keil <freebsd-listen@fabiankeil.de> wrote:
> >
> > Erik Norgaard <norgaard@locolomo.org> wrote:
> >
> > > I have been thinking to make /home on my laptop encrypted - seems like a
> > > good idea if it gets stolen. Now, how safe is this? Not in terms of the
> > > strength of the encryption algorithm, but in terms of integrity.
> > > What happens in case of power failure, the battery runs out or system
> > > crashes for whatever reason?
> >
> > I have my home slice encrypted with GELI for several months now
> > and so far I didn't notice any effects on the data integrity.
> >
> > I experienced several system crashes and one or two power failures
> > due to empty battery but I didn't lose any data already saved
> > on the disk (that I know of).
> >
> > The only inconvenience is that the system boots to single-user
> > mode if the home slice isn't clean and I then have to fsck it
> > manually.
> >
> > At that point the password for the key is already entered,
> > so I'm not sure why the slice can't be fscked automatically.
> > It could be the .eli extension, but I didn't investigate this
> > any further.
>
> Yes the manual fsck is a pain. I am not sure why it has to be done manually
> either, but I don't think it is just the .eli extension. Did you notice you
> have to specify that it is UFS as well?

Yes, I forgot to mention it because I now always call fsck_ffs directly.
I guess this could also explain why it has to be done manually.

Fabian
-- 
http://www.fabiankeil.de/