Is this still true?:
https://forums.lawrencesystems.com/t/freenas-automatic-decryption-on-boot/2586
The fact that you can auto unlock, and choose to manually unlock via web interface using GELI?
IIRC when I was looking into this years ago, if you chose to automatically unlock, it would store the encryption keys on whatever/wherever you chose for logging/system partition. Usually with most USB boot types, it would be somewhere on the first dataset?
Is this still true?
Has this encryption scheme been audited?
When you unlock via web GUI, is the key stored anywhere else but memory? Is it stored in tmpfs? Is it just stored in memory via FreeBSD software (GELI) etc?
When you encrypt in FreeNAS does the keysize default to 256 or can you choose?
Thanks!
https://forums.lawrencesystems.com/t/freenas-automatic-decryption-on-boot/2586
The fact that you can auto unlock, and choose to manually unlock via web interface using GELI?
IIRC when I was looking into this years ago, if you chose to automatically unlock, it would store the encryption keys on whatever/wherever you chose for logging/system partition. Usually with most USB boot types, it would be somewhere on the first dataset?
Is this still true?
Has this encryption scheme been audited?
When you unlock via web GUI, is the key stored anywhere else but memory? Is it stored in tmpfs? Is it just stored in memory via FreeBSD software (GELI) etc?
When you encrypt in FreeNAS does the keysize default to 256 or can you choose?
Thanks!
