diff options
| author | brueffer <brueffer@FreeBSD.org> | 2006-06-06 14:02:13 +0000 |
|---|---|---|
| committer | brueffer <brueffer@FreeBSD.org> | 2006-06-06 14:02:13 +0000 |
| commit | f3473b2245967d1147ce3f1d4a614fe05a009eb4 (patch) | |
| tree | 618e954e0eac597dc59648b7d242baae31731898 /sbin/geom/class | |
| parent | 1be5d52a81ade665a211a3f2c4e74782dfa3df50 (diff) | |
| download | FreeBSD-src-f3473b2245967d1147ce3f1d4a614fe05a009eb4.zip FreeBSD-src-f3473b2245967d1147ce3f1d4a614fe05a009eb4.tar.gz | |
Mdoc cleanup and some wording improvements.
Diffstat (limited to 'sbin/geom/class')
| -rw-r--r-- | sbin/geom/class/eli/geli.8 | 30 |
1 files changed, 15 insertions, 15 deletions
diff --git a/sbin/geom/class/eli/geli.8 b/sbin/geom/class/eli/geli.8 index 840775a..c84a28f 100644 --- a/sbin/geom/class/eli/geli.8 +++ b/sbin/geom/class/eli/geli.8 @@ -146,16 +146,15 @@ Supports many cryptographic algorithms (currently and .Nm 3DES ) . .It -Can optionally perform data authentication (integrity verification) with one of -the +Can optionally perform data authentication (integrity verification) utilizing +one of the following algorithms: .Nm HMAC/MD5 , .Nm HMAC/SHA1 , .Nm HMAC/RIPEMD160 , .Nm HMAC/SHA256 , .Nm HMAC/SHA384 or -.Nm HMAC/SHA512 -algorithms. +.Nm HMAC/SHA512 . .It Can create a key from a couple of components (user entered passphrase, random bits from a file, etc.). @@ -586,7 +585,7 @@ geli_da1s3a_keyfile0_name="/boot/keys/da1s3a.key" .Ed .Pp Not only configure encryption, but also data integrity verification using -.Nm HMAC/SHA256. +.Nm HMAC/SHA256 . .Bd -literal -offset indent # geli init -a hmac/sha256 -s 4096 /dev/da0 Enter new passphrase: @@ -599,24 +598,25 @@ Enter passphrase: .Ed .Sh DATA AUTHENTICATION .Nm -can verify data integrity when authentication algorithm is specified. +can verify data integrity when an authentication algorithm is specified. When data corruption/modification is detected, .Nm -will not return any data, instead will return an error -.Er ( EINVAL ) . -The offset and size of corrupted data will be printed on the console. +will not return any data, but instead will return an error +.Pq Er EINVAL . +The offset and size of the corrupted data will be printed on the console. It is important to know against which attacks .Nm -can protect your data. If data is modified or copied from one place on the disk +provides protection for your data. +If data is modified or copied from one place on the disk to another, .Nm -should be able to detect such modification. +should be able to detect such a modification. If an attacker can remember the encrypted data, he can write them back to the -same place and this won't be detected even if the data was legally modified -between attacker read and write. +same place. +This will not be detected even if the data were legally modified +between read and write operations of the attacker. .Nm -won't protect your data against replay attacks. -.Ed +will not protect your data against replay attacks. .Sh SEE ALSO .Xr crypto 4 , .Xr gbde 4 , |
