From owner-freebsd-questions@FreeBSD.ORG Sun Oct 24 11:32:43 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 86E2110656C1 for ; Sun, 24 Oct 2010 11:32:43 +0000 (UTC) (envelope-from rwmaillists@googlemail.com) Received: from mail-ww0-f50.google.com (mail-ww0-f50.google.com [74.125.82.50]) by mx1.freebsd.org (Postfix) with ESMTP id 1851B8FC18 for ; Sun, 24 Oct 2010 11:32:42 +0000 (UTC) Received: by wwb24 with SMTP id 24so2334203wwb.31 for ; Sun, 24 Oct 2010 04:32:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:received:received:date:from:to:subject :message-id:in-reply-to:references:x-mailer:mime-version :content-type:content-transfer-encoding; bh=lX7+YSV1r+kKaCpO7s8nznH7U/my3On/1uZqcUI5FZk=; b=he2gBsEhrfGfQ7YBH1Rfujh603sca0BNu4vjd0VDjdAcGy7MPEJ3VwAqSShjd/Prte OXjAGMl5/62w41FtflpBxfQa+ALbJZZv31cOAuO47Y6NMWgsryGfDy/ONtO3ue9i4bBn 73u/eMyA6H4Q4Ys/jBDz+sopmUIeOTr6enRWs= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=date:from:to:subject:message-id:in-reply-to:references:x-mailer :mime-version:content-type:content-transfer-encoding; b=QNEh4EptYZUBmeT7JssaKnvqOvExW3PrjARqIlAHyENnvpcT3rAoiQYqAuzm6vipah g0MIzNN41qdEjENJVCm/S5j+oldztygnDwEGu/lQqUkiC8IqyCTW/z4dkjYkTPiFf0BV 5PCWwwzYy/RpLnSfwrgM49Ds7AgYJV9+/hFJg= Received: by 10.227.28.96 with SMTP id l32mr5067254wbc.138.1287919962060; Sun, 24 Oct 2010 04:32:42 -0700 (PDT) Received: from gumby.homeunix.com (bb-87-81-140-128.ukonline.co.uk [87.81.140.128]) by mx.google.com with ESMTPS id h29sm4540312wbc.9.2010.10.24.04.32.40 (version=SSLv3 cipher=RC4-MD5); Sun, 24 Oct 2010 04:32:41 -0700 (PDT) Date: Sun, 24 Oct 2010 12:32:38 +0100 From: RW To: freebsd-questions@freebsd.org Message-ID: <20101024123238.34c4344a@gumby.homeunix.com> In-Reply-To: <20101024101457.GA72426@admin.sibptus.tomsk.ru> References: <20101024101457.GA72426@admin.sibptus.tomsk.ru> X-Mailer: Claws Mail 3.7.6 (GTK+ 2.20.1; i386-portbld-freebsd8.1) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: Re: geli keys X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 24 Oct 2010 11:32:43 -0000 On Sun, 24 Oct 2010 17:14:57 +0700 Victor Sudakov wrote: > Colleagues, > > The geli(8) man page suggests initializing a geli provider with a > random keyfile (geli init -K). It also asks for a passphrase by > default. > > What happens if a provider is initialized without the -K option, just > with a passphrase? Will there be no encryption? Encryption will be > weaker? You can use either or both, they get combined. It's hard to remember a passphrase that contains 256 bits of entropy, OTOH a passfile might get stolen, so some people will want to use both.