On Fri, 14 Sep 2018 17:55:58 -0700 Lee Brown wrote:
> I want to create a geli provider as authentication only, no password,
> no encryption. I do:
...
> Instead:
> # echo " " > /tmp/key
> solves that issue, but I still don't get why I even need a key file
> with -e NULL?

Because HMAC itself needs an encrypted secret key, otherwise anyone could write to the device without it being detectable. Without a securely entered passphrase, or a passfile on removable media, HMAC doesn't provide any authentication, it just detects bitrot and naive attempts to modify the filesystem.
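
Added example, not part of the original message and not geli's code: a simplified model of per-sector HMAC that shows the difference the reply describes between a key everyone can know (the `echo " "` key file) and a secret one. The 512-byte sector, the `index || data` layout and the direct use of the key file bytes as the HMAC key are assumptions made for illustration; geli derives its keys and lays out sectors differently.

```python
import hashlib
import hmac
import os

SECTOR_SIZE = 512                # constructed value for this model
PUBLIC_KEY = b" \n"              # the bytes that `echo " " > /tmp/key` writes
SECRET_KEY = os.urandom(64)      # stands in for a key the writer cannot learn


def tag(key: bytes, index: int, data: bytes) -> bytes:
    """Tag stored beside a sector: HMAC-SHA256 over sector index and data."""
    return hmac.new(key, index.to_bytes(8, "little") + data,
                    hashlib.sha256).digest()


def read_ok(key: bytes, index: int, data: bytes, stored_tag: bytes) -> bool:
    """What the reader does: recompute the tag and compare in constant time."""
    return hmac.compare_digest(tag(key, index, data), stored_tag)


def modified_sector_accepted(provider_key: bytes, writer_key=None) -> bool:
    """Change one sector behind the provider's back and report whether a
    later read still verifies.

    writer_key=None models bitrot or a naive edit (the old tag is left alone).
    Otherwise the writer recomputes the tag with the key it believes is in use.
    """
    index = 7
    original = b"A" * SECTOR_SIZE
    stored_tag = tag(provider_key, index, original)

    changed = b"B" * SECTOR_SIZE
    if writer_key is not None:
        stored_tag = tag(writer_key, index, changed)
    return read_ok(provider_key, index, changed, stored_tag)


if __name__ == "__main__":
    cases = [
        ("bitrot, any key", SECRET_KEY, None),
        ("known key, tag recomputed", PUBLIC_KEY, PUBLIC_KEY),
        ("secret key, writer guesses the public one", SECRET_KEY, PUBLIC_KEY),
    ]
    for label, provider_key, writer_key in cases:
        accepted = modified_sector_accepted(provider_key, writer_key)
        print(f"{label}: {'accepted' if accepted else 'rejected'}")
```

Only the middle case is accepted: integrity checking catches corruption under any key, but it authenticates the writer only when the key is not available to them.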