Date: Sat, 11 Oct 2014 11:30:08 +0800 From: Erich Dollansky <erichsfreebsdlist@alogt.com> To: "Michael W. Lucas" <mwlucas@michaelwlucas.com> Cc: hackers@freebsd.org Subject: Re: GBDE not protecting the user Message-ID: <20141011113008.705ba16d@X220.alogt.com> In-Reply-To: <20141010215842.GA6717@mail.michaelwlucas.com> References: <20141010215842.GA6717@mail.michaelwlucas.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, On Fri, 10 Oct 2014 17:58:42 -0400 "Michael W. Lucas" <mwlucas@michaelwlucas.com> wrote: > [Tried questions@, no answer, and the code contains things I just > cannot trigger.] > just try geli. It works for me. What I like most is that you can have key and password on external media. No external media - no decyphering. I also see the destruction possible but I do not use this feature. Erich > Hi, > > Been playing with GBDE a while, trying to make it protect me. > > One of the features of GBDE is that it should "provide tangible > feedback" that the data has been destroyed. (See PHK's paper at > http://phk.freebsd.dk/pubs/bsdcon-03.gbde.paper.pdf, section 4.1.) > > The man page doesn't mention how to make GBDE whine, so what the heck, > let's make it tell me the keys are destroyed. > > Creating GBDE devices is very simple. > > # gbde init /dev/gpt/encrypted -L /etc/encrypted.lock > > I created a filesystem, mounted it, put files on it, unmounted. > > There's two operations to wipe out a GBDE: nuke and destroy. Nuke > looks like the right thing. I nuke all the keys: > > # gbde nuke gpt/encrypted -l /etc/encrypted.lock -n -1 > Enter passphrase: > Opened with key 0 > Nuked key 0 > Nuked key 1 > Nuked key 2 > Nuked key 3 > # gbde attach gpt/encrypted -l /etc/encrypted.lock > Enter passphrase: > # > > The .bde device isn't there, and my filesystem is gone. But I received > no confirmation that the keys were destroyed. > > I also didn't get a message that the device couldn't be attached, > although it clearly isn't. > > Fine. Let's try 'gbde destroy'. > > # gbde init /dev/gpt/encrypted -L /etc/encrypted.lock > Enter new passphrase: > Reenter new passphrase: > # gbde destroy gpt/encrypted -l /etc/encrypted.lock > Enter passphrase: > Opened with key 0 > # gbde attach gpt/encrypted -l /etc/encrypted.lock > Enter passphrase: > # > > The device isn't attached, it just fails silently. And failing with a > specific complaint is the whole point of GBDE. > > Did I misunderstand the GBDE functionality? Am I missing something > daft? Has this code just decayed with GELI's arrival? > > Thanks, > ==ml > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20141011113008.705ba16d>