From owner-freebsd-questions@FreeBSD.ORG  Mon Apr 20 20:17:41 2009
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 3B13F1065672
	for <freebsd-questions@freebsd.org>;
	Mon, 20 Apr 2009 20:17:41 +0000 (UTC)
	(envelope-from modulok@gmail.com)
Received: from wf-out-1314.google.com (wf-out-1314.google.com [209.85.200.172])
	by mx1.freebsd.org (Postfix) with ESMTP id 1147D8FC21
	for <freebsd-questions@freebsd.org>;
	Mon, 20 Apr 2009 20:17:40 +0000 (UTC)
	(envelope-from modulok@gmail.com)
Received: by wf-out-1314.google.com with SMTP id 24so1708565wfg.7
	for <freebsd-questions@freebsd.org>;
	Mon, 20 Apr 2009 13:17:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:mime-version:received:in-reply-to:references
	:date:message-id:subject:from:to:cc:content-type
	:content-transfer-encoding;
	bh=vWG613FjcPgRyHesZPfpbP3CI4m1WZCNb4o5DM8PSRs=;
	b=niP1x7FPYimU/U5SyTTuug9dNobxoHO/PusW/vYMSrorz5WDUlOWKRuJOAkF3nWzKc
	uIDARxRLz/UyA3dgH1FG1g5kIMX4VTrLX0Qb2/il0cdtWbCS3JUeRID3aWv40CKx6E7z
	G4N4cqL7Quf3oRM9fe8z/0xO7MQr80R3Hlkjo=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=mime-version:in-reply-to:references:date:message-id:subject:from:to
	:cc:content-type:content-transfer-encoding;
	b=PBh2nnpSYBClThjCCupOpNLjY15Jq+YlXVdo5oCBeZNvNIuimOvCuOgJhJz8t6CSsX
	3J07QhEmYbJaJi2NnpYjRpuFqfiMjy9k1xTMiNbJWQcv2kOJVkJIX2RHU7EbJN/e1hrg
	Tz5HaLJ5uDzP9X/JZ+Y6r2lTRwP+6JrPhnpGI=
MIME-Version: 1.0
Received: by 10.143.13.16 with SMTP id q16mr4543188wfi.67.1240258660615; Mon, 
	20 Apr 2009 13:17:40 -0700 (PDT)
In-Reply-To: <49ECCF4E.3060104@bah.homeip.net>
References: <49ECCF4E.3060104@bah.homeip.net>
Date: Mon, 20 Apr 2009 14:17:40 -0600
Message-ID: <64c038660904201317k465064c3mece86b4ad9ed1e73@mail.gmail.com>
From: Modulok <modulok@gmail.com>
To: Bernt Hansson <bernt@bah.homeip.net>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: freebsd-questions@freebsd.org
Subject: Re: Encrypted slice with geli
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Apr 2009 20:17:41 -0000

On 4/20/09, Bernt Hansson <bernt@bah.homeip.net> wrote:
> Hello list!
>
> I was thinking of makeing a slice encrypted with geli.
>
> My question is: does geli init -s 4096 /dev/ad* erase the data on the
> slice. The handbook didn't say yes or no, and I don't want to try
> without asking.

Short answer: Yes, it will blow away your data. It will make any data
which previously lived in the slice inaccessible.  Only do this on an
empty
slice.

Cryptographically speaking: No, the majority of your data still exists as
magnetic signatures on the physical disk. (Though is not directly accessible.)
If your intent was to securely and irrevocably destroy the data on a slice,
the command you showed will not do that.

-Modulok-