geli keys
Victor Sudakov
sudakov at sibptus.tomsk.ru
Mon Oct 25 03:07:15 UTC 2010
RW wrote:
> >
> > The geli(8) man page suggests initializing a geli provider with a
> > random keyfile (geli init -K). It also asks for a passphrase by
> > default.
> >
> > What happens if a provider is initialized without the -K option, just
> > with a passphrase? Will there be no encryption? Will the encryption be
> > weaker?
>
> You can use either or both, they get combined.

I see.

> It's hard to remember a passphrase that contains 256 bits of entropy,
> OTOH a passfile might get stolen, so some people will want to use both.

Why does the geli(8) man page always use a 64-byte keyfile as an example?
Why 64 bytes and not 128 or 1024 or whatever?

What if I use a well-randomized keyfile and a weak passphrase, will the
master key be weaker?

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:sudakov at sibptus.tomsk.ru
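
Added example, not part of the original message and not geli's own code: a simplified Python model of the "either or both, they get combined" behaviour in RW's reply. The HMAC-SHA512 and PBKDF2 construction, the 64-byte salt and key sizes, the iteration count, and the names `derive_user_key` and `unlocks` are assumptions made for illustration.

```python
import hashlib
import hmac
import os

USERKEY_LEN = 64     # assumed: 512-bit user key (HMAC-SHA512 output)
SALT_LEN = 64        # assumed: random per-provider salt kept in metadata
ITERATIONS = 20_000  # constructed value, chosen only to keep the demo fast


def derive_user_key(salt, keyfile=None, passphrase=None, iterations=ITERATIONS):
    """Fold an optional keyfile and an optional passphrase into one user key."""
    if keyfile is None and passphrase is None:
        raise ValueError("need a keyfile, a passphrase, or both")
    # One HMAC context absorbs every component that was supplied.
    mac = hmac.new(b"", digestmod=hashlib.sha512)
    if keyfile is not None:
        mac.update(keyfile)
    if passphrase is not None:
        # The passphrase is stretched first so that each guess is expensive.
        stretched = hashlib.pbkdf2_hmac(
            "sha512", passphrase, salt, iterations, dklen=USERKEY_LEN
        )
        mac.update(stretched)
    return mac.digest()


def unlocks(enrolled_key, salt, keyfile=None, passphrase=None):
    """True if the supplied components reproduce the enrolled user key."""
    candidate = derive_user_key(salt, keyfile, passphrase)
    return hmac.compare_digest(candidate, enrolled_key)


if __name__ == "__main__":
    salt = os.urandom(SALT_LEN)
    keyfile = os.urandom(64)            # constructed stand-in for a random keyfile
    passphrase = b"example passphrase"  # constructed sample value

    enrolled = derive_user_key(salt, keyfile, passphrase)
    print("both components:", unlocks(enrolled, salt, keyfile, passphrase))
    print("keyfile only   :", unlocks(enrolled, salt, keyfile=keyfile))
    print("passphrase only:", unlocks(enrolled, salt, passphrase=passphrase))
```

In this model, a key enrolled with both components is reproduced only when both are supplied again; either one alone yields a different key.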