Date: Wed, 27 May 2009 18:57:11 +0300
From: Dan Naumov <dan.naumov@gmail.com>
To: freebsd-geom@freebsd.org
Subject: Re: Questions on GELI encryption
Message-ID: <cf9b1ee00905270857m6e7101f8wcaf5f62b75cfbfaa@mail.gmail.com>
In-Reply-To: <cf9b1ee00905270656s3970200ap7488ed686ed45f85@mail.gmail.com>
References: <cf9b1ee00905270445k179b9354sa44acee91507cfb8@mail.gmail.com> <E1M9IDy-000B1z-U0@dilbert.ticketswitch.com> <cf9b1ee00905270625g51c4803cj9b246097da0ad3a0@mail.gmail.com> <A30A1B3798866D4CAE189313FDD084081163A4@exchange.paymentallianceintl.com> <cf9b1ee00905270656s3970200ap7488ed686ed45f85@mail.gmail.com>

And some further questions:

1) Is there any basis for the claims that in the event of a failure (power outage, slowly dying drive, etc.) one is much more likely to lose ALL his data when using encryption vs not using any encryption? The argument is that when you have a non-encrypted drive or partition that is damaged, you have a lot of tools at your disposal to attempt to recover your data, but if your data is encrypted, even a relatively low amount of damage in the "wrong" place on the drive/partition can cause it to become undecipherable and cause complete loss of data.

2) Thanks to the help I have received so far, I now know how to use "passkey + keyfile", "keyfile" and "passkey" init and authentication methods for an encrypted GELI provider. The question I have is whether it is possible to have a "passkey OR keyfile" authentication method when using GELI. The idea is to normally use a strong passkey for attaching and using the providers, while keeping a keyfile stored "elsewhere" in a safe location out of premises. In the event of forgetting the passkey, the keyfile would be retrieved and used to access the data and change the forgotten passkey.

Thanks again for your insight.

- Dan Naumov

On Wed, May 27, 2009 at 4:56 PM, Dan Naumov <dan.naumov@gmail.com> wrote:
> Thanks, that worked like a charm. Is there a way to have background
> fsck autolaunch itself when an attempt is made to mount an unclean ufs
> filesystem on a geli provider?
>
> - Dan Naumov