How safe is encrypted disks? (data integrity)
freebsd-listen at fabiankeil.de
Fri Dec 15 06:46:49 PST 2006
"Chad Gross" <avatar4d at gmail.com> wrote:
> On 12/14/06, Fabian Keil <freebsd-listen at fabiankeil.de> wrote:
> > Erik Norgaard <norgaard at locolomo.org> wrote:
> > > I have been thinking to make /home on my laptop encrypted - seems like a
> > > good idea if it gets stolen. Now, how safe is this? Not in terms of the
> > > strength of the encryption algorithm, but in terms of integrity.
> > > What happens in case of power failure, the battery runs out or system
> > > crashes for whatever reason?
> > I have my home slice encrypted with GELI for several month now
> > and so far I didn't notice any effects on the data integrity.
> > I experienced several system crashes and one or two power failures
> > do to empty battery but I didn't lose any data already saved
> > on the disk (that I know of).
> > The only inconvenience is that the system boots to single-user
> > mode if the home slice isn't clean and I then have to fsck it
> > manually.
> > At that point the password for the key is already entered,
> > so I'm not sure why the slice can't be fscked automatically.
> > It could be the .eli extension, but I didn't investigate this
> > any further.
> Yes the manual fsck is a pain. I am not sure why it has to be done manually
> either, but I don't think it is just the .eli extension. Did you notice you
> have to specify that it is UFS as well?
Yes, I forgot to mention it because I now always call fsck_ffs directly.
I guess this could also explain why it has to be done manually.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20061215/51b57cb4/signature.pgp
More information about the freebsd-questions