How safe is encrypted disks? (data integrity)

[Erik Norgaard]

Fabian Keil wrote:
> Erik Norgaard <norgaard at locolomo.org> wrote:
> 
>> I have been thinking to make /home on my laptop encrypted - seems like a 
>> good idea if it gets stolen. Now, how safe is this? Not in terms of the 
>> strength of the encryption algorithm, but in terms of integrity.
> 
> I have no insight on the code, but as nobody else answered,
> my response may be better than nothing.
>  
>> What happens in case of power failure, the battery runs out or system 
>> crashes for whatever reason?
> 
> I have my home slice encrypted with GELI for several month now
> and so far I didn't notice any effects on the data integrity.
> 
> I experienced several system crashes and one or two power failures
> do to empty battery but I didn't lose any data already saved
> on the disk (that I know of).
> 
> The only inconvenience is that the system boots to single-user
> mode if the home slice isn't clean and I then have to fsck it
> manually.
> 
> At that point the password for the key is already entered,
> so I'm not sure why the slice can't be fscked automatically.
> It could be the .eli extension, but I didn't investigate this
> any further.

Thanks, reading man-pages and stuff I think I have understood that 
sectors are encrypted individually, so errors in one sector does not 
affect the decryption of other sectors. Is this correctly understood?

It's a mess though if you have to manually run fsck. I can't figure out 
why either: if you have attached the device it ought to be transparrent. 
The geli man-page claims you can even encrypt the root device - wonder 
how fsck will work then...

Cheers, Erik
-- 
Ph: +34.666334818                      web: http://www.locolomo.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3408 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20061214/e9ea07b7/smime.bin