From owner-svn-src-all@FreeBSD.ORG Fri Dec 3 18:54:04 2010 Return-Path: Delivered-To: svn-src-all@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E79E2106566C; Fri, 3 Dec 2010 18:54:04 +0000 (UTC) (envelope-from rea@codelabs.ru) Received: from 0.mx.codelabs.ru (0.mx.codelabs.ru [144.206.177.45]) by mx1.freebsd.org (Postfix) with ESMTP id 6934C8FC08; Fri, 3 Dec 2010 18:54:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=codelabs.ru; s=two; h=Sender:In-Reply-To:Content-Type:MIME-Version:References:Message-ID:Subject:To:From:Date; bh=Qwc+BeBTakB/M0mqldVuEZN7FWfZbokl5Gk6KHRj1Ms=; b=sUu7OmpRvl14tmAH+gFxVEQgi9WaFDFHuNcaENeE6zRUZHcL+HAT+0tNpwNOGNq0xqN1wXbp1DGIBzLzYHNUY/Kb1bjts1EYKke4AhsMiZPbjfyqPuaZiw6G+ETf9ShbHTwlTPfYb9IOzoK4GPPU4iJNqYj4K7jJ3oI8WaMKXqwQZNzvABowjYj+JIIKbj3I31QipUYGLcpoUTw8zKySV/hUPG67e7HZ+VZPkq1wlj1XzXraj9WXutp3azFtkSpGnH0v5ssQyTZJH7LGxvKj4IzeXeUdjdp0vDgzP6zrDab6RTF/CWGlpd3hP6gXSSIv1uipqnlyqMEEtIxlr3/cng==; Received: from void.codelabs.ru (void.codelabs.ru [144.206.177.25]) by 0.mx.codelabs.ru with esmtpsa (TLSv1:AES256-SHA:256) id 1POaW8-000HOs-6m; Fri, 03 Dec 2010 21:38:00 +0300 Date: Fri, 3 Dec 2010 21:37:57 +0300 From: Eygene Ryabinkin To: Ulrich Sp??rlein , Xin LI , src-committers@FreeBSD.org, svn-src-all@FreeBSD.org, svn-src-head@FreeBSD.org Message-ID: References: <201012031006.oB3A6J1S070688@svn.freebsd.org> <20101203171534.GE3256@acme.spoerlein.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20101203171534.GE3256@acme.spoerlein.net> Sender: rea@codelabs.ru Cc: Subject: Re: svn commit: r216147 - head/sbin/geom/class/eli X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Dec 2010 18:54:05 -0000 Fri, Dec 03, 2010 at 06:15:34PM +0100, Ulrich Sp??rlein wrote: > On Fri, 03.12.2010 at 10:06:19 +0000, Xin LI wrote: [...] > > +.Pp > > +It is recommended to write the whole provider before the first use, > > +in order to make sure that all sectors and their corresponding > > +checksums are properly initialized into a consistent state. > > .Sh SEE ALSO > > .Xr crypto 4 , > > .Xr gbde 4 , > > I'm not sure this wording is very helpful. Why should there be a > "consistent" state? In fact, if you write all zeros to the partition > before creating the geom, No, partition should be fully overwritten _after_ you had created the encrypted partition and this should be done on the .eli partition to allow the GEOM_ELI to place the correct checksums into the sectors of the provider geli is operating at. "geli init" won't do this, because it is time-consuming, I think. But I wonder if it will be a good idea to arm "geli init" with the additional flag that will attach the created partition, overwrite it with some data and detach the provider afterwards. The data that will overwrite the provider should be "random" -- we can't just use some known one, since this will allow attacker to replay the blocks (overwrite them back) with the full knowledge of their contents. But perhaps we will need not the fully random data, but something that is derived from the secret key, because what we really need to hide from the attacker is a plain text that leaves inside the encrypted sectors. -- Eygene Ryabinkin ,,,^..^,,, [ Life's unfair - but root password helps! | codelabs.ru ] [ 82FE 06BC D497 C0DE 49EC 4FF0 16AF 9EAE 8152 ECFB | freebsd.org ]