From: Bernt Hansson
Date: Tue, 21 Apr 2009 14:23:18 +0200
To: Giorgos Keramidas
Cc: freebsd-questions@freebsd.org
Subject: Re: Encrypted slice with geli

Giorgos Keramidas said the following on 2009-04-20 23:59:
> On Mon, 20 Apr 2009 21:38:54 +0200, Bernt Hansson wrote:
>> Hello list!
>>
>> I was thinking of making a slice encrypted with geli.
>>
>> My question is: does geli init -s 4096 /dev/ad* erase the data on the
>> slice. The handbook didn't say yes or no, and I don't want to try
>> without asking.
>
> No,

No, what? Does it erase the data or not?

> but if you plan to use geli to encrypt data that will end up on the
> slice it may be a useful thing to:
>
> a) keep a backup copy of the data in its unencrypted form

Bad idea.

> b) overwrite the entire partition with random bytes (increased entropy
> means that it is harder to 'attack' the final encrypted data stream
> when geli starts writing over parts of the encrypted slice)

But I want to keep the info on the slice.