Subject: Re: New Documentation: Encrypted CDs/DVDs
To: Hubert Feyrer <hubertf@NetBSD.org>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: netbsd-advocacy
Date: 03/12/2005 22:13:55
In message <Pine.GSO.4.61.0503130037480.26903@rfhpc8317>, Hubert Feyrer writes:

>
>
>Florian Stöhr (ich at florian-stoehr.de) has contributed step-by-step
>documentation on creating and using encrypted CDs and DVDs with NetBSD and
>CGD, feel free to check it out:
>
> 	http://www.NetBSD.org/Documentation/misc/#cryptocds
>
>Thanks Florian!

Indeed.  However, I see two problems.

First, I'm told that the combination of cgd and vnd isn't stable.  
Second, it says to create the prototype file by dd'ing /dev/zero.  That 
leaves zeros on the disk in unwritten sectors; these stick out like a 
sore thumb.  You could write /dev/urandom instead, though that can be 
slow.  What I recommend is a little odd.  Create the space with
/dev/zero, as indicated.  When you're finished putting the content you 
really want on the file system, dd /dev/zero to the cgd partition, 
until it runs out of space.  Run sync, to make sure it's written out.
You can then delete that pad file and proceed with the unmount 
procedure.

		--Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb
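
A check for the zero-sector problem raised in the reply above, as an added example that is not part of the original message or of the NetBSD documentation: it counts how many 512-byte sectors of the backing image file (the file underneath vnd and cgd, not the cgd device) are still entirely zero. The function names, the 512-byte sector size and the image path are assumptions, and the sample image is constructed.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Sample data below is constructed.

# Print the number of aligned 512-byte sectors in file $1 that are entirely
# zero. od collapses repeated 16-byte lines into "*", so long zero runs cost
# only a few lines of output.
count_zero_sectors() {
    od -A d -t x1 "$1" | awk '
    function flush() {                 # close the zero run [start, end)
        if (start >= 0) {
            first = int((start + 511) / 512)   # first fully covered sector
            last  = int(end / 512)             # one past the last one
            if (last > first) n += last - first
        }
        start = -1
    }
    BEGIN { start = -1; n = 0 }
    $1 == "*" { star = 1; next }
    {
        off = $1 + 0
        if (star && prevzero) end = off   # "*" repeated a zero line up to here
        star = 0
        zero = (NF > 1)                   # offset-only last line is not data
        for (i = 2; i <= NF; i++) if ($i != "00") { zero = 0; break }
        if (zero) { if (start < 0) start = off; end = off + NF - 1 } else flush()
        prevzero = zero
    }
    END { flush(); print n }'
}

# Constructed sample: 4 written sectors, 3 never-written (zero) sectors,
# 1 written sector. Real cgd ciphertext would look random, not like "A"/"B".
make_demo_image() {
    {
        dd if=/dev/zero bs=512 count=4 2>/dev/null | tr '\0' 'A'
        dd if=/dev/zero bs=512 count=3 2>/dev/null
        dd if=/dev/zero bs=512 count=1 2>/dev/null | tr '\0' 'B'
    } > "$1"
}

# Usage: sh zerocheck.sh /path/to/image   (path is an assumption)
if [ $# -gt 0 ] && [ -f "$1" ]; then count_zero_sectors "$1"; fi
```

Comparing the count before and after the pad-file step shows how much of the image the padding actually covered.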