geli keys

RW rwmaillists at googlemail.com
Sun Oct 24 11:32:43 UTC 2010


On Sun, 24 Oct 2010 17:14:57 +0700
Victor Sudakov <sudakov at sibptus.tomsk.ru> wrote:

> Colleagues,
> 
> The geli(8) man page suggests initializing a geli provider with a
> random keyfile (geli init -K). It also asks for a passphrase by
> default.
> 
> What happens if a provider is initialized without the -K option, just
> with a passphrase? Will there be no encryption? Encryption will be
> weaker?

You can use either or both; they get combined.

It's hard to remember a passphrase that contains 256 bits of entropy,
OTOH a passfile might get stolen, so some people will want to use both.
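
A simplified model of "they get combined", as an added example that is not part of the original message and is not geli's own code. It assumes the keyfile bytes and a PBKDF2-stretched passphrase are fed into a single HMAC-SHA512 whose output is the key; the function name, salt, iteration count and sample inputs are all constructed for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

KEY_LEN = 64  # HMAC-SHA512 output size in bytes


def derive_user_key(keyfile: Optional[bytes], passphrase: Optional[bytes],
                    salt: bytes, iterations: int = 20_000) -> bytes:
    """Fold a keyfile and/or a passphrase into one fixed-length key.

    Assumed model: every component that is present is absorbed by the same
    HMAC, so the result depends on all of them and is always KEY_LEN bytes.
    """
    if keyfile is None and passphrase is None:
        raise ValueError("need a keyfile, a passphrase, or both")
    mac = hmac.new(b"", digestmod=hashlib.sha512)
    if keyfile is not None:
        mac.update(keyfile)
    if passphrase is not None:
        # Stretch the low-entropy passphrase so each guess costs `iterations`
        # hash rounds; a random keyfile needs no stretching.
        mac.update(hashlib.pbkdf2_hmac("sha512", passphrase, salt,
                                       iterations, dklen=KEY_LEN))
    return mac.digest()


if __name__ == "__main__":
    salt = os.urandom(64)         # constructed; stored with the volume metadata
    keyfile = os.urandom(64)      # constructed stand-in for a random keyfile
    phrase = b"correct horse battery staple"  # constructed sample passphrase

    both = derive_user_key(keyfile, phrase, salt)
    only_pass = derive_user_key(None, phrase, salt)
    only_file = derive_user_key(keyfile, None, salt)

    # Passphrase-only still yields a full-length key: the volume is encrypted,
    # but an attacker only has to guess the passphrase.
    print(len(only_pass), len(only_file), len(both))
    # Holding just one of the two components does not reproduce the combined key.
    print(both != only_pass and both != only_file)
```

In this model a stolen keyfile alone, or a guessed passphrase alone, yields a different key from the one derived from both.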

