From owner-freebsd-hackers@FreeBSD.ORG Mon Mar 7 23:06:31 2005 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8806916A4CE for ; Mon, 7 Mar 2005 23:06:31 +0000 (GMT) Received: from marlena.vvi.at (marlena.vvi.at [208.252.225.59]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5DE6743D4C for ; Mon, 7 Mar 2005 23:06:31 +0000 (GMT) (envelope-from www@marlena.vvi.at) Received: from marlena.vvi.at (localhost.marlena.vvi.at [127.0.0.1]) by marlena.vvi.at (8.12.10/8.12.9) with ESMTP id j273BPoH085386; Sun, 6 Mar 2005 19:11:27 -0800 (PST) (envelope-from www@marlena.vvi.at) Received: (from www@localhost) by marlena.vvi.at (8.12.10/8.12.10/Submit) id j273BJ2d085385; Sun, 6 Mar 2005 19:11:19 -0800 (PST) (envelope-from www) Date: Sun, 6 Mar 2005 19:11:19 -0800 (PST) Message-Id: <200503070311.j273BJ2d085385@marlena.vvi.at> To: dan@geek.com.au From: "ALeine" cc: freebsd-hackers@FreeBSD.ORG cc: phk@phk.freebsd.dk cc: tech-security@NetBSD.ORG Subject: Re: FUD about CGD and GBDE X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Mar 2005 23:06:31 -0000 dan@geek.com.au wrote: > On Mon, Mar 07, 2005 at 09:43:13AM -0700, soralx@cydem.org wrote: > > > > > I also believe that it would be beneficial to implement regular rewriting > > > of randomly picked lock sector(s) at random times during a user specified > > > interval (up to x rewrites within n seconds) in order to further obscure > > > the write pattern and provide additional protection for lock sectors. > > > > I agree. > > I don't. Hiding the lock sector is pointless for hot disk attacks. A > malicious SAN administrator (and other intermediaries, if transport > encryption is not used) can identify the lock sector trivially, > because gbde decrypts its location and tells you: it goes straight > there on startup. The idea I proposed is not meant to address the protection of hot disks, it is mainly meant to address the protection of lock sectors on cold disks that can be accessed at regular intervals for differential analysis. The improved hot disk protection in terms of obscuring write patterns as a result of this mechanism is just a beneficial side-effect and not the main goal. ALeine ___________________________________________________________________ WebMail FREE http://mail.austrosearch.net