--- wikisrc/security/cgdroot.mdwn	2016/06/22 09:02:18	1.6
+++ wikisrc/security/cgdroot.mdwn	2016/06/22 09:08:50	1.7
@@ -3,7 +3,7 @@ Root filesystem encryption
 
 It is possible to run NetBSD with [complete root filesystem encryption][1], thanks to the `cgdroot.kmod` kernel module. It really is a memory disk (also knows as RAM disk) that is expected to be loaded in the kernel while booting.
 
-Full disk encryption makes it more difficult for an attacker to modify the unencrypted part of the disk to plant a backdoor. With only partial encryption, the original [[!template id=man name="cgdconfig" section="8"]] binary may be modifiedto send the passphrase away, allowing an attacker with a disk dump to recover the data.
+Full disk encryption makes it more difficult for an attacker to modify the unencrypted part of the disk to plant a backdoor. With only partial encryption, the original [[!template id=man name="cgdconfig" section="8"]] binary may be modified to send the passphrase away, allowing an attacker with a disk dump to recover the data.
 
 The mechanism described here still requires one unencrypted partition to boot from (typically `wd0a`).