I have read a lot about gbde, geli and dm-crypt under Linux, but a question remains: Why would I store my master key on the disk? Seriously! Anybody could rip the metadata off the disk in no time and brute force the password in a cluster without even having additional encrypted sample data lying around. But wait... How can the cluster determine that it found a correct passphrase? Well... What the metadata looks like depends on the encryption framework used, but all encrypt their master keys with a user key, and I cannot tell whether or not the encrypted master key contains anything predictable by itself, because that seems to be undocumented. So I am concerned that some frameworks have metadata in their encrypted master keys allowing attackers to quickly check many passwords against those.
What a bummer that it does not seem to be possible to put that metadata on another drive under FreeBSD. Maybe one could use some kind of spanning/JBOD device and use it with geli to overcome this, because geli puts its metadata in the last sector of the disk. I'm going to try that while waiting for an answer.