Date: Wed, 27 Jan 2010 14:46:59 +0000
From: RW
To: freebsd-questions@freebsd.org
Subject: Re: Does geli metadata contain sensitive information?
Message-ID: <20100127144659.59f84863@gumby.homeunix.com>
In-Reply-To: <64c038661001270313v7990c0b9m6dff12504f04cfef@mail.gmail.com>

On Wed, 27 Jan 2010 04:13:42 -0700
Modulok wrote:

> Does a geli metadata backup contain any sensitive information? Like...
> should I apply the same precautions as I do the key and password?

If you change the keyfile the metadata is changed and the old keyfile
becomes useless; but if the attacker also has the old metadata file
they can make use of the old keyfile. Likewise if someone has the
metadata you lose the ability to delete all copies of it making the
partition instantaneously unrecoverable.
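
The point made in the reply above, as an added Python model that is not part of the original message and is not geli's own code or on-disk format. It assumes the metadata holds the data-encrypting master key wrapped under a key derived from the keyfile and passphrase; every function name, the stand-in wrapping scheme and the sample keys are constructed for illustration.

```python
import hashlib, hmac, secrets

def user_key(keyfile, passphrase, salt):
    # Model assumption: user key = PBKDF2 over HMAC(keyfile, passphrase).
    seed = hmac.new(keyfile, passphrase, hashlib.sha512).digest()
    return hashlib.pbkdf2_hmac("sha512", seed, salt, 2000, dklen=64)

def wrap(master, ukey):
    # Stand-in for the real cipher: XOR keystream plus an HMAC tag.
    stream = hashlib.shake_256(ukey[:32]).digest(len(master))
    ct = bytes(a ^ b for a, b in zip(master, stream))
    return ct + hmac.new(ukey[32:], ct, hashlib.sha256).digest()

def unwrap(blob, ukey):
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(ukey[32:], ct, hashlib.sha256).digest()):
        return None  # wrong keyfile/passphrase for this copy of the metadata
    stream = hashlib.shake_256(ukey[:32]).digest(len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

def make_metadata(master, keyfile, passphrase):
    salt = secrets.token_bytes(16)
    return {"salt": salt, "wrapped": wrap(master, user_key(keyfile, passphrase, salt))}

def attach(metadata, keyfile, passphrase):
    """Return the master key, or None if the metadata is gone or the key is wrong."""
    if metadata is None:
        return None
    return unwrap(metadata["wrapped"], user_key(keyfile, passphrase, metadata["salt"]))

def scenario():
    master = secrets.token_bytes(64)  # encrypts the data; unchanged by key rotation
    old_kf, new_kf = secrets.token_bytes(32), secrets.token_bytes(32)  # constructed keyfiles
    pw = b"constructed passphrase"
    on_disk = make_metadata(master, old_kf, pw)
    backup = dict(on_disk)                       # metadata backup taken before rotation
    on_disk = make_metadata(master, new_kf, pw)  # keyfile changed: master key re-wrapped
    results = {
        "old keyfile + current metadata": attach(on_disk, old_kf, pw) == master,
        "old keyfile + backup metadata": attach(backup, old_kf, pw) == master,
        "new keyfile + current metadata": attach(on_disk, new_kf, pw) == master,
    }
    on_disk = None                               # on-disk metadata destroyed
    results["new keyfile + destroyed metadata"] = attach(on_disk, new_kf, pw) is not None
    results["old keyfile + backup after destroy"] = attach(backup, old_kf, pw) == master
    return results

if __name__ == "__main__":
    for case, ok in scenario().items():
        print(f"{case}: {'master key recovered' if ok else 'no access'}")
```

In this model the backup copy is what keeps a retired keyfile usable and what survives destruction of the on-disk metadata, so it needs the same handling as the keyfile itself.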