Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: cgd questions



Thomas Klausner <wiz%NetBSD.org@localhost> writes:

> When I pick up a cgd disk and want to use it on a NetBSD system to
> which it was not connected before, what do I need?
>
> - the passphrase
> - the /etc/cgd/foo file?
>
> If you need the /etc/cgd/foo file too, how do people handle those for
> cgds used as backup disks?

Yes, you need the /etc/cgd/foo file because the passphrase is salted,
and you might need an iv depending on iv method.  IMHO this is a design
bug in cgd.  At least as a normal path, one should be able to access
with just the passphrase.

My setup is

  (this is for a 512-sector disk)
  GPT partition on disk
  index 2: 16384 sectors starting at 64, ffs
  index 1: rest of disk, cgd

  in index 2, newfs and then rsync all my cgd init files.
  in index 1, cgconfig

Thus, any backup disk has the params for all of them.

> The other question is that the cgd man page says that some ciphers are
> obsolete. How can I switch from an obsolete cipher to a new one - is
> the only method to make a new cgd with the new cipher and copy the
> data manually?

I believe that's the only way.  I can't even figure out how to change
the passphrase without doing that.


Home | Main Index | Thread Index | Old Index