Encrypted slice with geli

Bernt Hansson bernt at bah.homeip.net
Tue Apr 21 12:23:35 UTC 2009


Giorgos Keramidas said the following on 2009-04-20 23:59:
> On Mon, 20 Apr 2009 21:38:54 +0200, Bernt Hansson <bernt at bah.homeip.net> wrote:
>> Hello list!
>>
>> I was thinking of making a slice encrypted with geli.
>>
>> My question is: does geli init -s 4096 /dev/ad* erase the data on the
>> slice. The handbook didn't say yes or no, and I don't want to try
>> without asking.
> 
> No, 

No, what? Does it erase the data or not?

> but if you plan to use geli to encrypt data that will end up on the
> slice it may be a useful thing to:
> 
>   a) keep a backup copy of the data in its unencrypted form

Bad idea.

>   b) overwrite the entire partition with random bytes (increased entropy
>      means that it is harder to 'attack' the final encrypted data stream
>      when geli starts writing over parts of the encrypted slice)

But I want to keep the info on the slice.

