Chad Gross wrote:
On 12/14/06, Fabian Keil <[EMAIL PROTECTED]> wrote:

Erik Norgaard <[EMAIL PROTECTED]> wrote:

> I have been thinking to make /home on my laptop encrypted - seems like a > good idea if it gets stolen. Now, how safe is this? Not in terms of the
> strength of the encryption algorithm, but in terms of integrity.

I have no insight on the code, but as nobody else answered,
my response may be better than nothing.

> What happens in case of power failure, the battery runs out or system
> crashes for whatever reason?

I have my home slice encrypted with GELI for several month now
and so far I didn't notice any effects on the data integrity.

I experienced several system crashes and one or two power failures
do to empty battery but I didn't lose any data already saved
on the disk (that I know of).

The only inconvenience is that the system boots to single-user
mode if the home slice isn't clean and I then have to fsck it
manually.

At that point the password for the key is already entered,
so I'm not sure why the slice can't be fscked automatically.
It could be the .eli extension, but I didn't investigate this
any further.

Fabian
--
http://www.fabiankeil.de/



Erik,

I also use geli and it works great. I have had power failures as well and
have not lost any data upon reboot.

Fabian,

Yes the manual fsck is a pain. I am not sure why it has to be done manually either, but I don't think it is just the .eli extension. Did you notice you
have to specify that it is UFS as well?



Another thing to consider is the performance hit when using geli with a high encryption. I have mine set to the highest (I think) bit possible and when transferring anything ~500MB+ it lags the system a bit to do the encryption.


Chad
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Just another reply to say it works fine, I have a /private partition on my laptop using GELI for months, without any problems.

Since it's not /home (so, not automounted), I have a little script to mount it, which includes a fsck (with some special flags, I'd have to turn the laptop on as I don't remember them, but man fsck should reveal them right away).


Hugo
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to