Date: Wed, 14 Jan 2009 18:59:54 +0100 From: Roland Smith <rsmith@xs4all.nl> To: Johann Hasselbach <jhass88@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: freebsd encrypted hard disk? Message-ID: <20090114175954.GC97086@slackbox.xs4all.nl> In-Reply-To: <ab52c4f40901140923k58245c1au2b4a2c89adde90bc@mail.gmail.com> References: <ab52c4f40901140923k58245c1au2b4a2c89adde90bc@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--oJ71EGRlYNjSvfq7 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Jan 14, 2009 at 12:23:09PM -0500, Johann Hasselbach wrote: > I read the "encrypting disk partitions" section of the Handbook. What > is the preferred method nowdays, geli or gbde? Geli seems to be the preferred method these days. It is also what I use to encrypt my /home. It works without problems for me. A geli-encrypted device gets the extension .eli. The boot scripts handle it automatically when they see an .eli device in /etc/fstab. Depending on how you configured it you might have to give the passphrase. You can even encrypt your root directory, but in that case I think you'll need an unencrypted partition for /boot. > Is there another method that would be better? Depends on what you define as better. I don't think so. Geli is convenient and seems to work well. On modern machines the performance penalty is slight. It supports well-regarded encryption algorithms like AES and Blowfish. Roland --=20 R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) --oJ71EGRlYNjSvfq7 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (FreeBSD) iEYEARECAAYFAkluKBoACgkQEnfvsMMhpyUllQCeIbMQa3L3FSZIC6E2U7SNAUMj b7QAoJvVY05xerDYi3ncnRzANbPcqYCC =yHKI -----END PGP SIGNATURE----- --oJ71EGRlYNjSvfq7--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090114175954.GC97086>