Is geli detectable?
Greg Rivers
gcr at tharned.org
Thu Jun 19 02:32:28 UTC 2008
On Wed, 18 Jun 2008, RW wrote:
> Is it possible to tell the difference between a geli partition and a
> partition filled with random data? Assuming that the geli partition was
> prefilled from /dev/random before the "geli init".
>
All but the last sector will indeed appear to be more or less random data.
But the last sector contains the geli metadata, and thus a distinction can
be made. You can prove this by running `geli dump <provider>` when the
provider is not attached (decrypted), or by otherwise inspecting the last
sector.
--
Greg Rivers
More information about the freebsd-geom
mailing list