how-to: encryption + journaling (geli + gjournal)
RW
fbsd06 at mlists.homeunix.com
Mon Jan 14 13:15:52 PST 2008
On Mon, 14 Jan 2008 13:11:38 +0000
Volker <volker at vwsoft.com> wrote:
> On 12/23/-58 19:59, RW wrote:
> > It would probably be faster to fill /dev/ad0s1d from /dev/random
> > before doing the geli init - there's no point in encrypting the
> > random numbers. It would also ensure that the whole of ad0s1d is
> > pre-filled, and not just the part accessible as ad0s1d.eli.
>
> If you think it doesn't make sense or is a fault, please file a PR as
> filling the data provider with random data has been taken from the
> manpage geli(8).
It's only an example.
>
> Otherwise I'm considering this being a bike shed.
>
> If you know it better, I'm wondering why you haven't written a how to
> in the past?
There's no need to be rude, I'm only trying to help.
In my experience writing from /dev/random to a raw partition is almost
twice as fast as writing to an .eli device - essentially it's single
verses double encryption.
I recently filled a raw partition on a 500GB drive and it took 6 hours,
doing it on the eli device would have taken about 11 hours. I think
you'd have to have a lot of time on your hands to consider this a
bike shed.
More information about the freebsd-geom
mailing list