Re: entering geli passphrase only once at FreeBSD boot
- In reply to: Taceant Omnes : "Re: entering geli passphrase only once at FreeBSD boot"
Date: Sun, 09 Jan 2022 12:59:01 UTC
On Sun, 9 Jan 2022 11:25:18 +0000
Taceant Omnes <taceant@gmail.com> wrote:

> I was planning to use geli instead of ZFS native encryption because
> the former encrypts everything whereas the latter does not encrypt
> some meta data. But maybe it is better to use the latter to avoid
> losing data? What do you think?

Like most things it's a matter of balancing conflicting requirements; my final analysis was that there was very little data that I really cared about being encrypted and so I might as well just use encrypted files for that.

I was in no danger of losing data though, just redundancy, but even if I'd lost the pool I would still have had the archive copy that I keep up to date with zrepl - but restoring it would have been a time-consuming pain during which the data would have been unavailable, so I'd prefer never to have to do that.

When analysing and designing data retention systems it is good to carefully separate the consequences of loss and unavailability and work out how far you want to go to prevent either and in particular across what kind of events you want to preserve data and/or access. There is no such thing as perfection; there are only degrees of imperfection - at a PPOE we advised customers about the mean time to data loss of various arrangements.

-- 
Steve O'Hara-Smith
Odds and Ends at http://www.sohara.org/