RW wrote:
> > 
> > The geli(8) man page suggests initializing a geli provider with a
> > random keyfile (geli init -K). It also asks for a passphrase by
> > default.
> > 
> > What happens if a provider is initialized without the -K option, just
> > with a passphrase? Will there be no encryption? Encryption will be
> > weaker?
> 
> You can use either or both, they get combined. 

I see.

> It's hard to remember a passphrase that contains 256 bits of entropy,
> OTOH a passfile might get stolen, so some people will want to use both.

Why does the geli(8) man page always use a 64B long keyfile as an example?
Why 64 bytes and not 128 or 1024 or whatever?

What if I use a well randomized keyfile and a weak passphrase, will the
master key be weaker?

-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.tomsk.ru
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Reply via email to