RW wrote: > > > > The geli(8) man page suggests initializing a geli provider with a > > random keyfile (geli init -K). It also asks for a passphrase by > > default. > > > > What happens if a provider is initialized without the -K option, just > > with a passphrase? Will there be no encryption? Encryption will be > > weaker? > > You can use either or both, they get combined.
I see. > It's hard to remember a passphrase that contains 256 bits of entropy, > OTOH a passfile might get stolen, so some people will want to use both. Why does the geli(8) man page always use a 64B long keyfile as an example? Why 64 bytes and not 128 or 1024 or whatever? What if I use a well randomized keyfile and a weak passphrase, will the master key be weaker? -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"