Date: Sun, 24 Oct 2010 12:32:38 +0100 From: RW <rwmaillists@googlemail.com> To: freebsd-questions@freebsd.org Subject: Re: geli keys Message-ID: <20101024123238.34c4344a@gumby.homeunix.com> In-Reply-To: <20101024101457.GA72426@admin.sibptus.tomsk.ru> References: <20101024101457.GA72426@admin.sibptus.tomsk.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 24 Oct 2010 17:14:57 +0700 Victor Sudakov <sudakov@sibptus.tomsk.ru> wrote: > Colleagues, > > The geli(8) man page suggests initializing a geli provider with a > random keyfile (geli init -K). It also asks for a passphrase by > default. > > What happens if a provider is initialized without the -K option, just > with a passphrase? Will there be no encryption? Encryption will be > weaker? You can use either or both, they get combined. It's hard to remember a passphrase that contains 256 bits of entropy, OTOH a passfile might get stolen, so some people will want to use both.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20101024123238.34c4344a>