On Thu, Jul 29, 2010 at 01:26:19PM +0200, Jozsi Vadkan wrote: > With dm_crypt&lvm, i can install a Debian [in sraid1], that has only the > mbr & the "/boot" unencrypted. > > So if someone steals the server/hdds, it can't do anything to them. > That's ok.
They can wipe the harddrive and re-sell the machine or parts, which is what most thieves are interested in, I suspect. > I'm a newbie to FreeBSD, and I want to use it in the future. I'm looking > for these "features", that i mentioned above. IMHO, it is a bad idea to encrypt the standard OS data and files, because this potentially gives an attacker a lot of "known plaintext" to attack the encryption! It is better to put your data (and only your data) on a separate partition and encrypt that with geli(8). Also, read ยง18.16.2 of the FreeBSD handbook that deals with geli encryption. > So, if someone has a little time, can someone post just a few > howtos/links, how to do this? Here you go: http://www.xs4all.nl/~rsmith/unix/encryption.xhtml Roland -- R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)
pgpIyWBhVWYHf.pgp
Description: PGP signature
