Date:      Tue, 8 Mar 2005 08:17:43 +1100
From:      Daniel Carosone <dan@geek.com.au>
To:        soralx@cydem.org
Cc:        tech-security@NetBSD.ORG
Subject:   Re: FUD about CGD and GBDE
Message-ID:  <20050307211743.GD20827@bcd.geek.com.au>
In-Reply-To: <200503070940.49393.soralx@cydem.org>
References:  <200503052027.j25KRmAF055472@marlena.vvi.at> <200503070940.49393.soralx@cydem.org>

On Mon, Mar 07, 2005 at 09:43:13AM -0700, soralx@cydem.org wrote:
> 
> > I also believe that it would be beneficial to implement regular rewriting
> > of randomly picked lock sector(s) at random times during a user specified
> > interval (up to x rewrites within n seconds) in order to further obscure
> > the write pattern and provide additional protection for lock sectors.
> 
> I agree. 

I don't. Hiding the lock sector is pointless for hot disk attacks. A
malicious SAN administrator (and other intermediaries, if transport
encryption is not used) can identify the lock sector trivially,
because gbde decrypts its location and tells you: it goes straight
there on startup.

--
Dan.
