I have read the mount_vnd manual page and it describes the mount options of the image that are needed to successfully mount the partition on boot, but it didn't reveal if there's a method to encrypt a whole partition. I know it will give me a small performance hit to encrypt the whole partition but it should be OK. I had all of my HD except the /boot partition encrypted with Linux and I didn't notice any difference in casual use.

Currently waiting for the urandom to fill the image...

Timo

Jacob Yocom-Piatt wrote:
Nick Guenther wrote:
On 10/6/07, Timo Myyrd <[EMAIL PROTECTED]> wrote:
I'm just trying to encrypt my laptop's /home partition to hide my
personal info if the worst happens and my lappy is stolen.

I'm wondering what would be the best method to encrypt the hard drive? I
saw some discussion on the mailing list recently and somebody pointed
out that I could encrypt a whole partition.

I'm currently creating an image within a partition which I then intend to
encrypt as instructed, for example, here:
http://www.blackant.net/other/docs/howto-encrypted-home.php

Which would be a better method, the separate image or encrypting the whole
partition, and how do I encrypt a whole partition on OpenBSD?

*The* way to make encrypted disks on OpenBSD is through vnconfig -k.
Go read up on that and come back.
Then here's what you can do (it's dead simple):
# vnconfig -k <key> svnd0 /path/to/image
# mount /dev/svnd0 /home

 #note: the image file should be available somewhere that isn't /home,
obviously... you may be able to have a /home with it on there and then
mount over that and it might keep working but it's just asking for
trouble to do it that way


using the -K switch for vnconfig is good if you're worried about offline brute forcing.

are you sure you want to encrypt your *whole* drive though? Is your
data really that secret? For most people there are only a few /really
secret/ things, and you can just make a small secure partition and
place them in there. Encryption does take a performance hit.


the performance hit is pretty unnoticeable unless you're doing lots of reads and writes, e.g. a fileserver. on a decently fast machine you can get 20-30 MBps read and write speed on an encrypted image which is plenty for your /home in most cases.

-Nick
