From owner-freebsd-geom@FreeBSD.ORG Tue Aug 15 23:00:54 2006 Return-Path: X-Original-To: freebsd-geom@freebsd.org Delivered-To: freebsd-geom@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 17F2A16A4DF for ; Tue, 15 Aug 2006 23:00:54 +0000 (UTC) (envelope-from arne_woerner@yahoo.com) Received: from web30305.mail.mud.yahoo.com (web30305.mail.mud.yahoo.com [209.191.69.67]) by mx1.FreeBSD.org (Postfix) with SMTP id 8038643D77 for ; Tue, 15 Aug 2006 23:00:49 +0000 (GMT) (envelope-from arne_woerner@yahoo.com) Received: (qmail 16129 invoked by uid 60001); 15 Aug 2006 23:00:48 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=VZ+5NCiEVW5BE6Le6/Q0Iq8C2TzvCycHdjD5IGLjKgq4H8y+ibAzM81mrGvz+5zfz1cjHfQWI9bTJrQt63HsfCTZmXN/PgxRQRCidLI5BmAwXs6n4eIRY5Mv5qRFrX18F/tA/BkFqQ7mFNj5MrQE36CjztGBlMFMXuq1OHLJr4g= ; Message-ID: <20060815230048.16127.qmail@web30305.mail.mud.yahoo.com> Received: from [213.54.79.179] by web30305.mail.mud.yahoo.com via HTTP; Tue, 15 Aug 2006 16:00:48 PDT Date: Tue, 15 Aug 2006 16:00:48 -0700 (PDT) From: "R. B. Riddick" To: User1001 In-Reply-To: <44DDF69F.7040104@globaleyes.net> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Cc: freebsd-geom@freebsd.org Subject: Re: Verifying GELI disk encryption X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Aug 2006 23:00:54 -0000 --- User1001 wrote: > What are some relatively simple ways to verify the encryption of/on a > GELI device? > Hmm... You could compare sector-wise the content of the encrypted and the clear device. If u find a match the encryption is not so strong... :-) WARNING! The following idea (if realized) might destroy important data): You could write a certain pattern to the device and then u could read from the device and compare the result to the pattern. If u find a mismatch the encryption was irreversible. :-) Or what did u mean? The strength of cryptographic algorithms is often (e. g. in case of GEOM's GELI) not so obvious, because: There might be a mathematical trick, that solves the underlying problem without the secret, or there might be a technical trick (e. g. a time machine or something even more weird (maybe something with parallel time lines that can be split whenever a decision has to be made (like in StarTrek TNG with Cpt. Picard))), that solves the underlying problem with brute force in linear time (linear in the amount of decisions, that have to be made; e. g. 16 bit secret results in 16 decisions) or even faster (whenever a decision turns out to be wrong, a failure message is sent back to the past - like in the movie Butterfly Effect). :-) -Arne __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com