Date: Tue, 8 Mar 2005 08:17:43 +1100 From: Daniel Carosone <dan@geek.com.au> To: soralx@cydem.org Cc: tech-security@NetBSD.ORG Subject: Re: FUD about CGD and GBDE Message-ID: <20050307211743.GD20827@bcd.geek.com.au> In-Reply-To: <200503070940.49393.soralx@cydem.org> References: <200503052027.j25KRmAF055472@marlena.vvi.at> <200503070940.49393.soralx@cydem.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--6zdv2QT/q3FMhpsV Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Mar 07, 2005 at 09:43:13AM -0700, soralx@cydem.org wrote: >=20 > > I also believe that it would be beneficial to implement regular rewriti= ng > > of randomly picked lock sector(s) at random times during a user specifi= ed > > interval (up to x rewrites within n seconds) in order to further obscure > > the write pattern and provide additional protection for lock sectors. >=20 > I agree.=20 I don't. Hiding the lock sector is pointless for hot disk attacks. A malicious SAN administrator (and other intermediaries, if transport encryption is not used) can identify the lock sector trivially, because gbde decrypts its location and tells you: it goes straight there on startup. -- Dan. --6zdv2QT/q3FMhpsV Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (NetBSD) iD8DBQFCLMT3EAVxvV4N66cRAjwdAJ0YIII6Wru0sABfMfvTFlwUCqtPuQCfSKMH s4GFYA0kk/bKutoV5VCVCho= =Vbqw -----END PGP SIGNATURE----- --6zdv2QT/q3FMhpsV--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050307211743.GD20827>