How safe is encrypted disks? (data integrity)
Erik Norgaard
norgaard at locolomo.org
Thu Dec 14 14:39:08 PST 2006
Fabian Keil wrote:
> Erik Norgaard <norgaard at locolomo.org> wrote:
>
>> I have been thinking to make /home on my laptop encrypted - seems like a
>> good idea if it gets stolen. Now, how safe is this? Not in terms of the
>> strength of the encryption algorithm, but in terms of integrity.
>
> I have no insight on the code, but as nobody else answered,
> my response may be better than nothing.
>
>> What happens in case of power failure, the battery runs out or system
>> crashes for whatever reason?
>
> I have my home slice encrypted with GELI for several months now
> and so far I didn't notice any effects on the data integrity.
>
> I experienced several system crashes and one or two power failures
> due to empty battery but I didn't lose any data already saved
> on the disk (that I know of).
>
> The only inconvenience is that the system boots to single-user
> mode if the home slice isn't clean and I then have to fsck it
> manually.
>
> At that point the password for the key is already entered,
> so I'm not sure why the slice can't be fscked automatically.
> It could be the .eli extension, but I didn't investigate this
> any further.

Thanks, reading man-pages and stuff I think I have understood that
sectors are encrypted individually, so errors in one sector do not
affect the decryption of other sectors. Is this correctly understood?

It's a mess though if you have to manually run fsck. I can't figure out
why either: if you have attached the device it ought to be transparent.

The geli man-page claims you can even encrypt the root device - wonder
how fsck will work then...

Cheers, Erik
--
Ph: +34.666334818 web: http://www.locolomo.org
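
Added example (not part of the original message, and not GELI's code): a small Python model of the per-sector scheme asked about above, in which every sector is encrypted under a keystream derived from the key and its own sector number. The SHA-256 keystream is a constructed stand-in for the real cipher, and the key, sector contents and function names are assumptions made for the illustration.

```python
import hashlib
import hmac

SECTOR_SIZE = 512  # bytes per sector in this model


def _keystream(key: bytes, sector_no: int, length: int) -> bytes:
    """Derive a keystream unique to one sector (toy stand-in for a real cipher)."""
    # The sector number plays the role of the per-sector IV/tweak.
    seed = hmac.new(key, sector_no.to_bytes(8, "little"), hashlib.sha256).digest()
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(4, "little")).digest()
        counter += 1
    return bytes(out[:length])


def crypt_sector(key: bytes, sector_no: int, data: bytes) -> bytes:
    """Encrypt or decrypt one sector; XOR with the keystream is its own inverse."""
    ks = _keystream(key, sector_no, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def encrypt_disk(key: bytes, plaintext: bytes) -> list:
    """Split the plaintext into sectors and encrypt each one independently."""
    chunks = [plaintext[i:i + SECTOR_SIZE] for i in range(0, len(plaintext), SECTOR_SIZE)]
    return [crypt_sector(key, n, c) for n, c in enumerate(chunks)]


def damaged_sectors(key: bytes, original: bytes, stored: list) -> list:
    """Return the sector numbers whose decrypted content differs from the original."""
    return [n for n, ct in enumerate(stored)
            if crypt_sector(key, n, ct) != original[n * SECTOR_SIZE:(n + 1) * SECTOR_SIZE]]


def demo() -> list:
    key = b"constructed-demo-key"  # constructed sample key
    # Four constructed sectors filled with 'A', 'B', 'C', 'D'.
    plaintext = b"".join(bytes([65 + n]) * SECTOR_SIZE for n in range(4))
    disk = encrypt_disk(key, plaintext)
    # Model a torn write at power loss: the second half of sector 2 is zeroed.
    disk[2] = disk[2][:256] + b"\x00" * 256
    return damaged_sectors(key, plaintext, disk)


if __name__ == "__main__":
    print("sectors that no longer decrypt correctly:", demo())
```

The model finds the damage only by comparing against the known original; sector encryption without an authentication mode does not itself flag a damaged sector, which is why the file system check is still what notices the inconsistency.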