Thanks, i discovered is AES-XTS 128 bits. If i discover how to improve i post here after for you guys.
setkey Change or setup (if not yet initialized) selected key. There
is one master key, which can be encrypted with two independent
user keys. With the init subcommand, only key number 0 is
initialized. The key can always be changed: for an attached
provider, for a detached provider or on the backup file. When
a provider is attached, the user does not have to provide an
Key length to use with the given cryptographic algo-
rithm. If not given, the default key length for the
given algorithm is used, which is: 128 for AES, 128
for Blowfish, 128 for Camellia and 192 for 3DES.
Any master here knows what i write in terminal to upgrade the encryption to the highest level?
We must use it before it gets initialized? i have no clue not even from where i start... I must boot with a special option? Then what i write in terminal?
I am afraid that if i try alone i might screw all...
Can it use 2 or 3 algorythms at the same time too? or just one?
init Initialize provider which needs to be encrypted. Here you can
set up the cryptographic algorithm to use, key length, etc.
The last provider's sector is used to store metadata. The
init subcommand also automatically backups metadata in
/var/backups/<prov>.eli file. The metadata can be recovered
with the restore subcommand described below.
Additional options include:
-a aalgo Enable data integrity verification (authentication)
using the given algorithm. This will reduce size of
available storage and also reduce speed. For exam-
ple, when using 4096 bytes sector and HMAC/SHA256
algorithm, 89% of the original provider storage will
be available for use. Currently supported algo-
rithms are: HMAC/MD5, HMAC/SHA1, HMAC/RIPEMD160,
HMAC/SHA256, HMAC/SHA384 and HMAC/SHA512. If the
option is not given, there will be no authentica-
tion, only encryption. The recommended algorithm is
-b Ask for the passphrase on boot, before the root par-
tition is mounted. This makes it possible to use an
encrypted root partition. One will still need
bootable unencrypted storage with a /boot/ direc-
tory, which can be a CD-ROM disc or USB pen-drive,
that can be removed after boot.
And what about this? Is data Integrity verification already on? how do i check?
And how to make that encrypted root partition after installed pc-bsd?
Can it be made like a first 50mb partition just to do that? Or is better the default way it it, root unecrypted?
Number of iterations to use with PKCS#5v2. If this
option is not specified, geli will find the number
of iterations which is equal to 2 seconds of crypto
work. If 0 is given, PKCS#5v2 will not be used.
"Iteration in computing is the repetition of a process within a computer program. It can be used both as a general term, synonymous with repetition, and to describe a specific form of repetition with a mutable state."
I tryed to figure out what that iterations option means but no sucess...
Woudnt it be good to choose encryption options ins install?