geli overhead?
mhca12
mhca12 at gmail.com
Tue Feb 5 10:48:49 UTC 2013
On Tue, Feb 5, 2013 at 12:44 AM, <kpneal at pobox.com> wrote:
> On Mon, Feb 04, 2013 at 10:25:33PM +0100, mhca12 wrote:
>> On Mon, Feb 4, 2013 at 10:19 PM, dweimer <dweimer at dweimer.net> wrote:
>> > On 02/04/2013 2:56 pm, mhca12 wrote:
>> >>
>> >> Is there some overhead associated with the geli setup as
>> >> described earlier?
>
>> >> Where did 21G from the 148G go?
>> >>
>> >> As suggested in dan.me.uk geli install guide I used geli init -a
>> >> HMAC/SHA256
>> >> and also ran dd if=/dev/zero of=/dev/gpt/enc.eli across the eli volume.
>
>> > Did you use the -a option when doing the geli init?
>> >
>> >
>> > -a aalgo Enable data integrity verification (authenti-
>> > cation) using the given algorithm. This
>> > will
>> > reduce size of available storage and also
>> > reduce speed. For example, when using 4096
>> > bytes sector and HMAC/SHA256 algorithm, 89%
>> > of
>> > the original provider storage will be avail-
>> > able for use. Currently supported
>> > algorithms
>> > are: HMAC/MD5, HMAC/SHA1, HMAC/RIPEMD160,
>> > HMAC/SHA256, HMAC/SHA384 and HMAC/SHA512.
>> > If
>> > the option is not given, there will be no
>> > authentication, only encryption. The recom-
>> > mended algorithm is HMAC/SHA256.
>>
>> Yes I did (see above).
>>
>> Do I have to init the volume again to skip authentication?
>
> Probably yes.
>
>> Does skipping authentication also remove the requirement of
>> zeroing the whole eli disk for the checksums?
>
> Yes.
Thanks I'll reinstall the machine then.
More information about the freebsd-questions
mailing list