From owner-freebsd-fs@FreeBSD.ORG Sun Sep 5 12:13:56 2004 Return-Path: Delivered-To: freebsd-fs@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 175A016A4CE; Sun, 5 Sep 2004 12:13:56 +0000 (GMT) Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.86.163]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7286543D31; Sun, 5 Sep 2004 12:13:55 +0000 (GMT) (envelope-from phk@critter.freebsd.dk) Received: from critter.freebsd.dk (localhost [127.0.0.1]) by critter.freebsd.dk (8.13.1/8.13.1) with ESMTP id i85CDqxi025406; Sun, 5 Sep 2004 14:13:53 +0200 (CEST) (envelope-from phk@critter.freebsd.dk) To: David Kreil From: "Poul-Henning Kamp" In-Reply-To: Your message of "Sun, 05 Sep 2004 00:32:59 BST." <200409042332.i84NWxC17377@puffin.ebi.ac.uk> Date: Sun, 05 Sep 2004 14:13:52 +0200 Message-ID: <25405.1094386432@critter.freebsd.dk> Sender: phk@critter.freebsd.dk cc: freebsd-fs@freebsd.org cc: freebsd-questions@freebsd.org Subject: Re: gbde blackening feature - how can on disk keys be "destroyed" thoroughly? X-BeenThere: freebsd-fs@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Filesystems List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Sep 2004 12:13:56 -0000 In message <200409042332.i84NWxC17377@puffin.ebi.ac.uk>, David Kreil writes: >> On a modern disk there is no sequence of writes that will guarantee >> you that your data is iretriveable lost. >> Even if you rewrite a thousand times, you cannot guard yourself against >> the sector being replaced by a bad block spare after the first write. > >Good point. In the rare chance event that this happens, it would indeed be bad >news as an attacker would then only have to scan the bad blocks for possible >copies of the key. He still has no way of recognizing the key though... >A simple improvement on the present situation would already be if >the keys were not overwritten with zeros but with random bits. I >don't know how difficult it would be to attempt to physically write >random bits multiple times but it would much strengthen the feature >apart from the rare cases when the sectors of the masterkey have >been remapped into bad blocks. Please read the paper, there is a reason why it is zero bits. >What do you think? Is the required effort disproportional to the >intended value of the blackening feature? Blackening adds no significant incremental security imo, on the other hand it is feasible to implement it, so I've put it on the todo list. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence. From owner-freebsd-fs@FreeBSD.ORG Sun Sep 5 14:26:48 2004 Return-Path: Delivered-To: freebsd-fs@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B322016A4CE; Sun, 5 Sep 2004 14:26:48 +0000 (GMT) Received: from maui.ebi.ac.uk (maui.ebi.ac.uk [193.62.196.100]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3192E43D4C; Sun, 5 Sep 2004 14:26:47 +0000 (GMT) (envelope-from kreil@ebi.ac.uk) Received: from puffin.ebi.ac.uk (puffin.ebi.ac.uk [193.62.196.89]) by maui.ebi.ac.uk (8.11.7+Sun/8.11.7) with ESMTP id i85EQgF14065; Sun, 5 Sep 2004 15:26:42 +0100 (BST) Received: from puffin.ebi.ac.uk (kreil@localhost) by puffin.ebi.ac.uk (8.11.6/8.11.6) with ESMTP id i85EQgB18118; Sun, 5 Sep 2004 15:26:42 +0100 Message-Id: <200409051426.i85EQgB18118@puffin.ebi.ac.uk> X-Mailer: exmh version 2.4 06/23/2000 with nmh-1.0.4 To: "Poul-Henning Kamp" In-Reply-To: Your message of "Sun, 05 Sep 2004 14:13:52 +0200." <25405.1094386432@critter.freebsd.dk> X-Habeas-SWE-1: winter into spring X-Habeas-SWE-2: brightly anticipated X-Habeas-SWE-3: like Habeas SWE (tm) X-Habeas-SWE-4: Copyright 2002 Habeas (tm) X-Habeas-SWE-5: Sender Warranted Email (SWE) (tm). The sender of this X-Habeas-SWE-6: email in exchange for a license for this Habeas X-Habeas-SWE-7: warrant mark warrants that this is a Habeas Compliant X-Habeas-SWE-8: Message (HCM) and not spam. Please report use of this X-Habeas-SWE-9: mark in spam to . Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Sun, 05 Sep 2004 15:26:42 +0100 From: David Kreil X-EBI-Information: This email is scanned using www.mailscanner.info. X-EBI: Found to be clean X-EBI-SpamCheck: not spam, SpamAssassin (score=-8, required 5, HABEAS_SWE -8.00) cc: freebsd-fs@freebsd.org cc: David Kreil cc: freebsd-questions@freebsd.org Subject: Re: gbde blackening feature - how can on disk keys be "destroyed" thoroughly? X-BeenThere: freebsd-fs@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Filesystems List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Sep 2004 14:26:48 -0000 Dear Poul-Henning, > >> On a modern disk there is no sequence of writes that will guarantee > >> you that your data is iretriveable lost. > >> Even if you rewrite a thousand times, you cannot guard yourself against > >> the sector being replaced by a bad block spare after the first write. > > > >Good point. In the rare chance event that this happens, it would indeed be > >bad > >news as an attacker would then only have to scan the bad blocks for possible > >copies of the key. > > He still has no way of recognizing the key though... Right, he'd have to try them all. > >A simple improvement on the present situation would already be if > >the keys were not overwritten with zeros but with random bits. I > >don't know how difficult it would be to attempt to physically write > >random bits multiple times but it would much strengthen the feature > >apart from the rare cases when the sectors of the masterkey have > >been remapped into bad blocks. > > Please read the paper, there is a reason why it is zero bits. Sorry, forgot. > >What do you think? Is the required effort disproportional to the > >intended value of the blackening feature? > > Blackening adds no significant incremental security imo, >From a security point of vie, yes. From a social/civil-liberties/legal point of view, I felt it was an excellent thing to have. > on the > other hand it is feasible to implement it, so I've put it on the > todo list. That's great, thanks a lot! With best regards, David. ------------------------------------------------------------------------ Dr David Philip Kreil ("`-''-/").___..--''"`-._ Research Fellow `6_ 6 ) `-. ( ).`-.__.`) University of Cambridge (_Y_.)' ._ ) `._ `. ``-..-' ++44 1223 764107, fax 333992 _..`--'_..-_/ /--'_.' ,' www.inference.phy.cam.ac.uk/dpk20 (il),-'' (li),' ((!.-' From owner-freebsd-fs@FreeBSD.ORG Thu Sep 9 03:06:09 2004 Return-Path: Delivered-To: freebsd-fs@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D62D916A4CE; Thu, 9 Sep 2004 03:06:09 +0000 (GMT) Received: from elvis.mu.org (elvis.mu.org [192.203.228.196]) by mx1.FreeBSD.org (Postfix) with ESMTP id B58C643D46; Thu, 9 Sep 2004 03:06:09 +0000 (GMT) (envelope-from bright@elvis.mu.org) Received: by elvis.mu.org (Postfix, from userid 1192) id A59035CA24; Wed, 8 Sep 2004 20:06:09 -0700 (PDT) Date: Wed, 8 Sep 2004 20:06:09 -0700 From: Alfred Perlstein To: am-utils-developers@am-utils.org, fs@freebsd.org, hackers@freebsd.org Message-ID: <20040909030609.GA16925@elvis.mu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4.2.1i Subject: autofs available for FreeBSD 4, 5 and 6. X-BeenThere: freebsd-fs@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Filesystems List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Sep 2004 03:06:10 -0000 Autofs has been integrated into FreeBSD 6. There is also a standalone tarball that will compile and run on FreeBSD 5 as well as FreeBSD 4. The most recent one is available here: http://people.freebsd.org/~alfred/sources/autofs/ If you want to get an idea on how to use it, see the libautofs.3 manpage. You can also check out the example driver program under /usr/share/examples/autofs/driver (under FreeBSD 6) or the driver/ directory (from the tarball). If you want to use the tarball, just extract it and run make depend all install from the top level directory. Have fun! AMD guys, let me know where we go from here! The only thing I have not implemented is trigger timeouts inside the autofs. I'll get to it eventually though. -- - Alfred Perlstein - Research Engineering Development Inc. - email: bright@mu.org cell: 408-480-4684 From owner-freebsd-fs@FreeBSD.ORG Fri Sep 10 06:43:38 2004 Return-Path: Delivered-To: freebsd-fs@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BD63C16A4CE; Fri, 10 Sep 2004 06:43:38 +0000 (GMT) Received: from cs1.cs.huji.ac.il (cs1.cs.huji.ac.il [132.65.16.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6A06343D3F; Fri, 10 Sep 2004 06:43:38 +0000 (GMT) (envelope-from danny@cs.huji.ac.il) Received: from pampa.cs.huji.ac.il ([132.65.80.32]) by cs1.cs.huji.ac.il with esmtp id 1C5f8D-000NvZ-CU; Fri, 10 Sep 2004 09:43:37 +0300 X-Mailer: exmh version 2.7.0 06/18/2004 with nmh-1.0.4 To: Alfred Perlstein In-Reply-To: Message from Alfred Perlstein of "Wed, 08 Sep 2004 20:06:09 PDT." <20040909030609.GA16925@elvis.mu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Fri, 10 Sep 2004 09:43:37 +0300 From: Danny Braniss Message-Id: <20040910064338.6A06343D3F@mx1.FreeBSD.org> cc: hackers@freebsd.org cc: am-utils-developers@am-utils.org cc: fs@freebsd.org Subject: Re: autofs available for FreeBSD 4, 5 and 6. X-BeenThere: freebsd-fs@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Filesystems List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Sep 2004 06:43:38 -0000 > Autofs has been integrated into FreeBSD 6. > > There is also a standalone tarball that will compile and run on > FreeBSD 5 as well as FreeBSD 4. > > The most recent one is available here: > > http://people.freebsd.org/~alfred/sources/autofs/ > > If you want to get an idea on how to use it, see the libautofs.3 > manpage. > > You can also check out the example driver program under > /usr/share/examples/autofs/driver (under FreeBSD 6) or the driver/ > directory (from the tarball). > > If you want to use the tarball, just extract it and run > make depend all install > from the top level directory. > > Have fun! AMD guys, let me know where we go from here! > any hints how this can be used with am-utils? im trying to compile am-utils-6.1b4, but going nowhere fast :-). > The only thing I have not implemented is trigger timeouts inside > the autofs. I'll get to it eventually though. > > -- > - Alfred Perlstein > - Research Engineering Development Inc. > - email: bright@mu.org cell: 408-480-4684 > _______________________________________________ > freebsd-hackers@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-hackers > To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org" >