Questions on GELI encryption

Dan Naumov dan.naumov at gmail.com
Wed May 27 15:57:14 UTC 2009


And some further questions:

1) Is there any basis for the claims that in the event of a failure
(power outage, slowly dying drive, etc.) one is much more likely
to lose ALL his data when using encryption vs not using any
encryption? The argument is that when you have a non-encrypted drive
or partition that is damaged, you have a lot of tools at your disposal
to attempt to recover your data, but if your data is encrypted, even a
relatively low amount of damage in the "wrong" place on the
drive/partition can cause it to become undecipherable and cause
complete loss of data.

2) Thanks to the help I have received so far, I now know how to use
"passkey + keyfile", "keyfile" and "passkey" init and authentication
methods for an encrypted GELI provider. The question I have is whether
it is possible to have a "passkey OR keyfile" authentication method
when using GELI. The idea is to normally use a strong passkey for
attaching and using the providers, while keeping a keyfile stored
"elsewhere" in a safe location off premises. In the event of
forgetting the passkey, the keyfile would be retrieved and used to
access the data and change the forgotten passkey.

Thanks again for your insight.

- Dan Naumov




On Wed, May 27, 2009 at 4:56 PM, Dan Naumov <dan.naumov at gmail.com> wrote:
> Thanks, that worked like a charm. Is there a way to have background
> fsck autolaunch itself when an attempt is made to mount an unclean ufs
> filesystem on a geli provider?
>
> - Dan Naumov
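As an added example (not from this thread or from FreeBSD's own documentation): geli(8) has two user-key slots, so a "passphrase OR keyfile" setup is possible by keeping the passphrase in slot 0 and a keyfile-only key in slot 1, and the metadata sector that both slots live in can be backed up so that the "damage in the wrong place" case from the first question is recoverable. The script assumes placeholder device and file paths and uses a DRY_RUN switch to print the commands instead of executing them.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes FreeBSD geli(8) with its two
# user-key slots (0 and 1). PROV, KEYFILE and BACKUP are placeholder paths.
PROV="${PROV:-/dev/da0}"
KEYFILE="${KEYFILE:-/root/offsite.key}"
BACKUP="${BACKUP:-/root/da0.geli-metadata}"

# Print the command instead of running it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Slot 0: passphrase only. geli init prompts for the passphrase.
init_passphrase_slot() {
    run geli init "$PROV"
}

# Slot 1: keyfile only. Uppercase -P/-K describe the NEW key (no passphrase,
# keyfile); geli prompts for the slot-0 passphrase to authorise the change.
add_keyfile_slot() {
    run dd if=/dev/random of="$KEYFILE" bs=64 count=1
    run chmod 0400 "$KEYFILE"
    run geli setkey -n 1 -P -K "$KEYFILE" "$PROV"
}

# Normal use: attach with the passphrase (slot 0).
attach_with_passphrase() {
    run geli attach "$PROV"
}

# Recovery: attach with the off-site keyfile only (slot 1).
attach_with_keyfile() {
    run geli attach -p -k "$KEYFILE" "$PROV"
}

# Forgotten passphrase: authenticate with the keyfile (lowercase -p/-k =
# current key) and overwrite slot 0 with a new passphrase (prompted).
reset_forgotten_passphrase() {
    run geli setkey -n 0 -p -k "$KEYFILE" "$PROV"
}

# The metadata sector at the end of the provider holds both encrypted
# master-key copies; if it is lost the data is gone, so back it up after
# every key change (restore with: geli restore "$BACKUP" "$PROV").
backup_metadata() {
    run geli backup "$PROV" "$BACKUP"
}
```

Run init_passphrase_slot, add_keyfile_slot and backup_metadata in that order to set the provider up; the keyfile then goes off site and only the passphrase is used day to day.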

