geli keys
RW
rwmaillists at googlemail.com
Sun Oct 24 11:32:43 UTC 2010
On Sun, 24 Oct 2010 17:14:57 +0700
Victor Sudakov <sudakov at sibptus.tomsk.ru> wrote:
> Colleagues,
>
> The geli(8) man page suggests initializing a geli provider with a
> random keyfile (geli init -K). It also asks for a passphrase by
> default.
>
> What happens if a provider is initialized without the -K option, just
> with a passphrase? Will there be no encryption? Encryption will be
> weaker?
You can use either or both, they get combined.
It's hard to remember a passphrase that contains 256 bits of entropy,
OTOH a passfile might get stolen, so some people will want to use both.
More information about the freebsd-questions
mailing list