Re: Making gmirror metadata cooperate with gpt metadata

2021-02-09 Thread RW via freebsd-geom
On Sun, 7 Feb 2021 08:50:52 -0500 Abner Gershon wrote: > The reason this is currently impossible is due to GPT and gmirror both > trying to store metadata in the last disk sector. I don't know whether GPT with gmirror is a special case, but generally when something uses the last sector for metad

Re: geli - why do I need a keyfile

2018-09-15 Thread RW via freebsd-geom
On Fri, 14 Sep 2018 17:55:58 -0700 Lee Brown wrote: > I want to create a geli provider as authentication only, no password, > no encryption. I do: ... > Instead: > # echo " " > /tmp/key > solves that issue, but I still don't get why I even need a key file > with -e NULL? Because HMAC itself need

Re: RFC: Pass TRIM through GELI

2015-07-11 Thread RW via freebsd-geom
On Fri, 10 Jul 2015 17:28:37 -0500 Matthew D. Fuller wrote: > 2) Security. For whatever your threat model is, leaking the "how much > space is in use" datum is unacceptable. It's not about how much space is free, it's about giving away which blocks do and don't contain data. Perhaps more

Re: GELI safe to reboot without detach?

2014-02-02 Thread RW
On Mon, 30 Dec 2013 14:07:14 -0800 Xin Li wrote: > On 12/30/13 13:40, Isaac Huff wrote: > > Is it necessary from a reliability and/or security standpoint to > > detach GELI volumes before rebooting? Specifically, if I unmount > > the filesystem, but do not detach (and disable auto-detach) - do I

Re: XTS v's CBC

2012-07-24 Thread RW
On Tue, 24 Jul 2012 13:28:23 +0200 Pawel Jakub Dawidek wrote: > On Tue, Jul 24, 2012 at 05:21:35AM -0500, CyberLeo Kitsana wrote: > > On 07/22/2012 05:05 PM, RW wrote: > > > > > > Is there any good reason for preferring XTS over CBC in geli? I > > > just

XTS v's CBC

2012-07-22 Thread RW
Is there any good reason for preferring XTS over CBC in geli? I just did some tests on a new disk and CBC seems to be about 30% faster.

Re: GELI Passphrase changing

2012-06-26 Thread RW
On Tue, 26 Jun 2012 17:52:28 +0300 icameto icameto wrote: > Hi everyone, > > I'd like to ask you a question about geli and passphrase changing. > > # dd if=/dev/random of=/root/da1.key bs=64 count=1 > > # geli init -s 4096 -K /root/da1.key /dev/da1 > > # geli attach -k /root/da1.key /dev/da1 >

Re: Gconcat + growfs: we are not growing

2012-06-19 Thread RW
On Tue, 19 Jun 2012 09:26:34 -0500 Mark Felder wrote: > On Tue, 19 Jun 2012 08:10:11 -0500, wrote: > > > You do realize that if you have a single filesystem spread across > > multiple > > disks with gconcat then one drive failing will kill the entire > > filesystem, > > right? > > Media fil

Re: Scope and purpose of each kind geli key

2012-06-09 Thread RW
On Sat, 09 Jun 2012 16:57:57 -0400 John W. O'Brien wrote: > There is exactly one Master Key per provider, and it never changes for > the life of the provider. It is generated in userland upon init (or > onetime) and the user can select the key length (-l). I think it's fixed at 512 bits and -l d

Re: Automatic Geli?

2012-04-10 Thread RW
On Mon, 9 Apr 2012 18:34:10 + Fa bio wrote: > Is it possible to recompile geli/kernel to automatically enter with > password and/or key? If that's done you no longer have encryption, you have obfuscation, with the option to reinstate encryption. > If you see a cache system called SpeedR >

Re: geli metadata backup

2012-03-05 Thread RW
On Sat, 3 Mar 2012 17:24:15 -0500 Robert Simmons wrote: > What exactly is contained in the metadata backup > file /var/backups/_prov_.eli ? I don't know exactly what's in the metadata, but the most important thing is that it contains copies of the master key encrypted with the user keys. If the

Re: geli init for first time

2012-03-02 Thread RW
On Thu, 1 Mar 2012 22:00:17 -0500 Robert Simmons wrote: > After you perform "geli init" and "geli attach" you must use dd to > initialize the new provider before you run newfs. If you had enabled > authentication of some kind during the init step, when you attach the > provider you get a series o