How safe is encrypted disks? (data integrity)

Chad Gross avatar4d at gmail.com
Thu Dec 14 05:25:08 PST 2006


On 12/14/06, Fabian Keil <freebsd-listen at fabiankeil.de> wrote:
>
> Erik Norgaard <norgaard at locolomo.org> wrote:
>
> > I have been thinking to make /home on my laptop encrypted - seems like a
> > good idea if it gets stolen. Now, how safe is this? Not in terms of the
> > strength of the encryption algorithm, but in terms of integrity.
>
> I have no insight on the code, but as nobody else answered,
> my response may be better than nothing.
>
> > What happens in case of power failure, the battery runs out or system
> > crashes for whatever reason?
>
> I have my home slice encrypted with GELI for several months now
> and so far I didn't notice any effects on the data integrity.
>
> I experienced several system crashes and one or two power failures
> due to empty battery but I didn't lose any data already saved
> on the disk (that I know of).
>
> The only inconvenience is that the system boots to single-user
> mode if the home slice isn't clean and I then have to fsck it
> manually.
>
> At that point the password for the key is already entered,
> so I'm not sure why the slice can't be fscked automatically.
> It could be the .eli extension, but I didn't investigate this
> any further.
>
> Fabian
> --
> http://www.fabiankeil.de/
>
Erik,

I also use geli and it works great. I have had power failures as well and
have not lost any data upon reboot.

Fabian,

Yes, the manual fsck is a pain. I am not sure why it has to be done manually
either, but I don't think it is just the .eli extension. Did you notice you
have to specify that it is UFS as well?



Another thing to consider is the performance hit when using geli with a high
encryption. I have mine set to the highest (I think) bit possible and when
transferring anything ~500MB+ it lags the system a bit to do the encryption.


Chad

