From: Giorgos Keramidas
To: Bernt Hansson
Cc: freebsd-questions@freebsd.org
Subject: Re: Encrypted slice with geli
Date: Tue, 21 Apr 2009 00:59:46 +0300
Message-ID: <87zlebc7fx.fsf@kobe.laptop>
In-Reply-To: <49ECCF4E.3060104@bah.homeip.net>

On Mon, 20 Apr 2009 21:38:54 +0200, Bernt Hansson wrote:
> Hello list!
>
> I was thinking of making a slice encrypted with geli.
>
> My question is: does geli init -s 4096 /dev/ad* erase the data on the
> slice. The handbook didn't say yes or no, and I don't want to try
> without asking.

No, but if you plan to use geli to encrypt data that will end up on the
slice it may be a useful thing to:

  a) keep a backup copy of the data in its unencrypted form

  b) overwrite the entire partition with random bytes (increased
     entropy means that it is harder to 'attack' the final encrypted
     data stream when geli starts writing over parts of the encrypted
     slice)

  c) attach the randomized partition with geli

  d) newfs the xxx.eli device
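
The sequence in steps (a) to (d), as an added example that is not part of the original message: a POSIX sh function that validates the target and prints the commands in order without running any of them. The device /dev/ad4s1, the function names and the `bs=1m` block size are assumptions; `geli init -s 4096` comes from the question.

```shell
#!/bin/sh
# Added example: prints the command plan for steps (a)-(d); it runs nothing itself.
# /dev/ad4s1 is a constructed sample device, not one taken from the thread.

# Return 0 if $1 is a power of two and at least 512 (usable as a sector size).
valid_sector() {
    n=$1
    case $n in ''|*[!0-9]*) return 1 ;; esac
    [ "$n" -ge 512 ] || return 1
    while [ "$n" -gt 1 ]; do
        [ $((n % 2)) -eq 0 ] || return 1
        n=$((n / 2))
    done
    return 0
}

# Print the ordered plan for one provider, or fail without printing a plan.
geli_plan() {
    dev=$1
    sector=${2:-4096}
    case $dev in
        /dev/*.eli) echo "refusing: $dev is already a geli device" >&2; return 1 ;;
        /dev/*[!A-Za-z0-9/._-]*) echo "refusing: wildcard or odd character in $dev" >&2; return 1 ;;
        /dev/?*) ;;
        *) echo "refusing: $dev is not a device path under /dev" >&2; return 1 ;;
    esac
    valid_sector "$sector" || { echo "refusing: bad sector size $sector" >&2; return 1; }

    echo "# (a) confirm a backup of $dev exists; step (b) destroys its contents"
    echo "dd if=/dev/random of=$dev bs=1m"   # (b) fill the provider with random bytes
    echo "geli init -s $sector $dev"         # write geli metadata, prompts for a passphrase
    echo "geli attach $dev"                  # (c) creates $dev.eli
    echo "newfs $dev.eli"                    # (d) file system on the encrypted device
}

geli_plan /dev/ad4s1 4096
```

Review the printed plan against the real device name before typing any of it as root; a literal `/dev/ad*` is rejected so a shell glob cannot expand to more than one provider.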