On 12/14/06, Fabian Keil <[EMAIL PROTECTED]> wrote:
Erik Norgaard <[EMAIL PROTECTED]> wrote: > I have been thinking to make /home on my laptop encrypted - seems like a > good idea if it gets stolen. Now, how safe is this? Not in terms of the > strength of the encryption algorithm, but in terms of integrity. I have no insight on the code, but as nobody else answered, my response may be better than nothing. > What happens in case of power failure, the battery runs out or system > crashes for whatever reason? I have my home slice encrypted with GELI for several month now and so far I didn't notice any effects on the data integrity. I experienced several system crashes and one or two power failures do to empty battery but I didn't lose any data already saved on the disk (that I know of). The only inconvenience is that the system boots to single-user mode if the home slice isn't clean and I then have to fsck it manually. At that point the password for the key is already entered, so I'm not sure why the slice can't be fscked automatically. It could be the .eli extension, but I didn't investigate this any further. Fabian -- http://www.fabiankeil.de/
Erik, I also use geli and it works great. I have had power failures as well and have not lost any data upon reboot. Fabian, Yes the manual fsck is a pain. I am not sure why it has to be done manually either, but I don't think it is just the .eli extension. Did you notice you have to specify that it is UFS as well? Another thing to consider is the performance hit when using geli with a high encryption. I have mine set to the highest (I think) bit possible and when transferring anything ~500MB+ it lags the system a bit to do the encryption. Chad _______________________________________________ email@example.com mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"