From owner-freebsd-questions@FreeBSD.ORG Tue Mar 20 22:36:24 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 815C316A402 for ; Tue, 20 Mar 2007 22:36:24 +0000 (UTC) (envelope-from fbsd06@mlists.homeunix.com) Received: from mxout-03.mxes.net (mxout-03.mxes.net [216.86.168.178]) by mx1.freebsd.org (Postfix) with ESMTP id 5B69813C4C1 for ; Tue, 20 Mar 2007 22:36:24 +0000 (UTC) (envelope-from fbsd06@mlists.homeunix.com) Received: from gumby.homeunix.com (unknown [87.81.140.128]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTP id DA19A5194D for ; Tue, 20 Mar 2007 18:36:22 -0400 (EDT) Date: Tue, 20 Mar 2007 22:36:19 +0000 From: RW To: freebsd-questions@freebsd.org Message-ID: <20070320223619.6c18cd08@gumby.homeunix.com> In-Reply-To: <20070320190305.O29971@chylonia.3miasto.net> References: <20070320190305.O29971@chylonia.3miasto.net> X-Mailer: Claws Mail 2.8.1 (GTK+ 2.10.11; i386-portbld-freebsd6.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: Re: gbde and geli - differences X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Mar 2007 22:36:24 -0000 On Tue, 20 Mar 2007 19:06:28 +0100 (CET) Wojciech Puchar wrote: > what they are. both works, both works right. > geli has more options. > > why there are both? what should i use to have better chance i will be > able to recover data after say 10 years knowing password? I presume it's to do with geli using OpenSSL libraries and so picking-up hardware acceleration where available. I think gdbe is being sidelined. > i need both encrypted partition and encrypted copies/DVDs. I'd be interested if anyone has a method for creating encrypted DVDs that still works. A couple of years ago I played around with encrypted CDs by using a 650Mb file as a backing store for an encrypted md partition and then just burning a CD with that file on it. The same technique can be extended to DVDs by using using two or more backing files with gconcat, to get around the problem that an ISO 9660 filesystem wont support a single 4.7GB file. It worked at the time, but recently I found that the technique no longer works, gbde wouldn't attach the device as it's read-only. I know the behaviour has changed, because I had the old scripts, that had worked before. It's still possible to access the data by copying the backing files to disk, but that's not very practical. I guess it may be possible to work around the problem with a union filesystem, but I haven't pursued that yet. I understand that it's possible to encrypt a DVD+RW as an ordinary partition, but that it's painfully slow. And I don't really want to use RW disks.