how-to: encryption + journaling (geli + gjournal)

Christian Baer christian.baer at uni-dortmund.de
Sat Jan 26 16:27:48 PST 2008


On Mon, 14 Jan 2008 21:15:37 +0000 RW wrote:

> There's no need to be rude, I'm only trying to help.

You guys are both a little sensitive, aren't you? :-)

> In my experience writing from /dev/random to a raw partition is almost
> twice as fast as writing to an .eli device - essentially it's single
> versus double encryption.

True, this *is* faster. But there is also a reason for encrypting the
random numbers - although I would probably use zeros which will look
pretty much like random numbers on a disk once they are encrypted.

If you use a checksum (geli init -a) geli will need to know what is on the
disc. So you actually have to fill the disc through geli before you can
use it. If you don't do this you will get lots of errors stating that the
data on the disc is corrupt.

I guess the reason why blanking a disc with encrypted random numbers is
the double entropy and the fact that there are cases where you have to
blank a disc through geli.

Regards,
Chris
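
The behaviour described in the message above (reads failing on an integrity-protected provider until every sector has been written through it), as an added example that is not part of the original post and is not geli's code or on-disk format. It is a simplified model: the class name, sector layout and HMAC-SHA256 tag are assumptions, and encryption is left out because only the checksum matters here.

```python
import hashlib
import hmac
import os

SECTOR, TAG = 512, 32  # model sizes: payload bytes and HMAC-SHA256 tag bytes

class AuthenticatedDisk:
    def __init__(self, sectors, key):
        self.key = key
        # Untouched disk (or one filled from /dev/random on the raw device):
        # arbitrary bytes in both the data area and the tag area.
        self.raw = [os.urandom(SECTOR + TAG) for _ in range(sectors)]

    def _tag(self, index, data):
        # Bind the tag to the sector number so sectors cannot be swapped.
        msg = index.to_bytes(8, "little") + data
        return hmac.new(self.key, msg, hashlib.sha256).digest()

    def write(self, index, data):
        if len(data) != SECTOR:
            raise ValueError("whole sectors only")
        self.raw[index] = data + self._tag(index, data)

    def read(self, index):
        data, tag = self.raw[index][:SECTOR], self.raw[index][SECTOR:]
        if not hmac.compare_digest(tag, self._tag(index, data)):
            raise IOError(f"sector {index}: data corrupt (tag mismatch)")
        return data

    def corrupt_sectors(self):
        bad = []
        for i in range(len(self.raw)):
            try:
                self.read(i)
            except IOError:
                bad.append(i)
        return bad

    def fill_with_zeros(self):
        # Model of writing zeros through the authenticated layer.
        for i in range(len(self.raw)):
            self.write(i, bytes(SECTOR))

def demo():
    disk = AuthenticatedDisk(sectors=16, key=os.urandom(32))
    before = disk.corrupt_sectors()  # random tags never verify
    disk.fill_with_zeros()
    return before, disk.corrupt_sectors()  # all sectors bad, then none
```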

