Date: Tue, 21 Apr 2009 14:23:18 +0200 From: Bernt Hansson <bernt@bah.homeip.net> To: Giorgos Keramidas <keramida@ceid.upatras.gr> Cc: freebsd-questions@freebsd.org Subject: Re: Encrypted slice with geli Message-ID: <49EDBAB6.1020201@bah.homeip.net> In-Reply-To: <87zlebc7fx.fsf@kobe.laptop> References: <49ECCF4E.3060104@bah.homeip.net> <87zlebc7fx.fsf@kobe.laptop>
next in thread | previous in thread | raw e-mail | index | archive | help
Giorgos Keramidas said the following on 2009-04-20 23:59: > On Mon, 20 Apr 2009 21:38:54 +0200, Bernt Hansson <bernt@bah.homeip.net> wrote: >> Hello list! >> >> I was thinking of makeing a slice encrypted with geli. >> >> My question is: does geli init -s 4096 /dev/ad* erase the data on the >> slice. The handbook didn't say yes or no, and I don't want to try >> without asking. > > No, No, what? does it erase the data or not. > but if you plan to use geli to encrypt data that will end up on the > slice it may be a useful thing to: > > a) keep a backup copy of the data in its unencrypted form Bad idea. > b) overwrite the entire partition with random bytes (increased entropy > means that it is harder to 'attack' the final encrypted data stream > when geli starts writing over parts of the encrypted slice) But I want to keep the info on the slice.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?49EDBAB6.1020201>