Encrypted slice with geli

Bernt Hansson bernt at bah.homeip.net
Tue Apr 21 12:23:35 UTC 2009

Giorgos Keramidas said the following on 2009-04-20 23:59:
> On Mon, 20 Apr 2009 21:38:54 +0200, Bernt Hansson <bernt at bah.homeip.net> wrote:
>> Hello list!
>> I was thinking of makeing a slice encrypted with geli.
>> My question is: does geli init -s 4096 /dev/ad* erase the data on the
>> slice. The handbook didn't say yes or no, and I don't want to try
>> without asking.
> No, 

No, what? does it erase the data or not.

> but if you plan to use geli to encrypt data that will end up on the
> slice it may be a useful thing to:
>   a) keep a backup copy of the data in its unencrypted form

Bad idea.

>   b) overwrite the entire partition with random bytes (increased entropy
>      means that it is harder to 'attack' the final encrypted data stream
>      when geli starts writing over parts of the encrypted slice)

But I want to keep the info on the slice.

More information about the freebsd-questions mailing list