deimosBSD: if you like ipfw, you might be interested in a primer i wrote for it a few months ago.

enjoy :-)

Guys, any way of testing a geli password on a running machine (/ and swap are encrypted)? I don't remember which of my like 50 passwords I used to do the disk encryption.. :) so ideally I'd like to find out which one it is before I do a reboot and have half an hour downtime guessing the password.

Onepamopa: you can backup data from these partitions before reboot

I know I can. There's not much to backup, it's a production server with a few services running.

So, there's no way to test passwords?

The F-ing chatgpt gives me geli attach -n -j /dev/stdin /dev/ada0p3  (-n without an argument) to do a "dry-run" without creating an .eli but from what I see on man geli ... that doesn't seem to be the case, at least according to the man..

don't trust chatgpt with your data

or with anything for that matter …

That's exactly why I asked here first...

you could try to change the password. it should ask you to give the current one before allowing to change to a new one ( from: forums.freebsd.org/threads/verifying-password-for-geli.58634 )

also found -C (dry-run)

chatgpt is endless source of false information that feels strangely true

btw, the encryption was done manually (UFS, not ZFS via the setup)

since the encryption is geli, the filesystem will not matter for this (imo)

dry-run only seems to work for `geli attach`, but it checks the password and informs if it's wrong. it did so for me with a wrong password (but currently can't test with the correct one)

So, geli attach -C -n 1 -j /dev/stdin /dev/ada0p3  should work for testing the password

(-n 1 because the key is 0x01 according to geli dump)

i lmfao'd when it told me who my parents are, gave a source too but there was nothing like that on that page!

lol :)

so why using it for geli...

I was waiting for a response here, so I decided to "give it a shot"

Wasn't about to do what it told me tho ..