From owner-svn-src-all@FreeBSD.ORG Fri Dec 3 19:47:14 2010 Return-Path: Delivered-To: svn-src-all@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7BB141065675; Fri, 3 Dec 2010 19:47:14 +0000 (UTC) (envelope-from delphij@delphij.net) Received: from tarsier.geekcn.org (tarsier.geekcn.org [IPv6:2001:470:a803::1]) by mx1.freebsd.org (Postfix) with ESMTP id 8B5A98FC14; Fri, 3 Dec 2010 19:47:13 +0000 (UTC) Received: from mail.geekcn.org (tarsier.geekcn.org [211.166.10.233]) by tarsier.geekcn.org (Postfix) with ESMTP id E1DCDA5A329; Sat, 4 Dec 2010 03:47:10 +0800 (CST) X-Virus-Scanned: amavisd-new at geekcn.org Received: from tarsier.geekcn.org ([211.166.10.233]) by mail.geekcn.org (mail.geekcn.org [211.166.10.233]) (amavisd-new, port 10024) with LMTP id BRBhToNxG6ua; Sat, 4 Dec 2010 03:47:02 +0800 (CST) Received: from delta.delphij.net (drawbridge.ixsystems.com [206.40.55.65]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by tarsier.geekcn.org (Postfix) with ESMTPSA id DFB47A59ADE; Sat, 4 Dec 2010 03:46:59 +0800 (CST) DomainKey-Signature: a=rsa-sha1; s=default; d=delphij.net; c=nofws; q=dns; h=message-id:date:from:reply-to:organization:user-agent: mime-version:to:subject:references:in-reply-to:x-enigmail-version:openpgp:content-type; b=IavPqfYATT+eu/BNEXxVW7bLkCU3O/lkdK2KxFg/G/hOEhblKGyOsTK5wzqegWcr6 BqUmKmLz9v6xbJ2HKIpqw== Message-ID: <4CF9492F.8040301@delphij.net> Date: Fri, 03 Dec 2010 11:46:55 -0800 From: Xin LI Organization: The FreeBSD Project User-Agent: Mozilla/5.0 (X11; U; FreeBSD amd64; en-US; rv:1.9.1.15) Gecko/20101028 Thunderbird/3.0.10 ThunderBrowse/3.3.4 MIME-Version: 1.0 To: =?ISO-8859-1?Q?Ulrich_Sp=F6rlein?= , Xin LI , src-committers@FreeBSD.org, svn-src-all@FreeBSD.org, svn-src-head@FreeBSD.org References: <201012031006.oB3A6J1S070688@svn.freebsd.org> <20101203171534.GE3256@acme.spoerlein.net> In-Reply-To: <20101203171534.GE3256@acme.spoerlein.net> X-Enigmail-Version: 1.0.1 OpenPGP: id=3FCA37C1; url=http://www.delphij.net/delphij.asc Content-Type: multipart/mixed; boundary="------------040402050204020709080306" Cc: Subject: Re: svn commit: r216147 - head/sbin/geom/class/eli X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: d@delphij.net List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Dec 2010 19:47:14 -0000 This is a multi-part message in MIME format. --------------040402050204020709080306 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 12/03/10 09:15, Ulrich Spörlein wrote: > On Fri, 03.12.2010 at 10:06:19 +0000, Xin LI wrote: >> Author: delphij >> Date: Fri Dec 3 10:06:19 2010 >> New Revision: 216147 >> URL: http://svn.freebsd.org/changeset/base/216147 >> >> Log: >> * Recommend a overwrite of whole geli provider before use. >> * Correct a typo while I'm there. >> >> Reviewed by: pjd >> MFC after: 2 weeks >> >> Modified: >> head/sbin/geom/class/eli/geli.8 >> >> Modified: head/sbin/geom/class/eli/geli.8 >> ============================================================================== >> --- head/sbin/geom/class/eli/geli.8 Fri Dec 3 09:26:56 2010 (r216146) >> +++ head/sbin/geom/class/eli/geli.8 Fri Dec 3 10:06:19 2010 (r216147) >> @@ -24,7 +24,7 @@ >> .\" >> .\" $FreeBSD$ >> .\" >> -.Dd October 20, 2010 >> +.Dd December 3, 2010 >> .Dt GELI 8 >> .Os >> .Sh NAME >> @@ -842,7 +842,7 @@ Enter passphrase: >> .Nm >> supports two encryption modes: >> .Nm XTS , >> -which was standarized as >> +which was standardized as >> .Nm IEE P1619 >> and >> .Nm CBC >> @@ -873,6 +873,10 @@ changes with the data he owns without no >> In other words >> .Nm >> will not protect your data against replay attacks. >> +.Pp >> +It is recommended to write the whole provider before the first use, >> +in order to make sure that all sectors and their corresponding >> +checksums are properly initialized into a consistent state. >> .Sh SEE ALSO >> .Xr crypto 4 , >> .Xr gbde 4 , > > I'm not sure this wording is very helpful. Why should there be a > "consistent" state? In fact, if you write all zeros to the partition > before creating the geom, then an attacker pretty much knows how much > data you have written to the provider. I'm not saying this weakens any > security, but I think the current phrasing will confuse the reader. What > needs to be consistent? What does writing to the provider mean? > > Or am I mixing up provider and consumer here? How would you like the attached patch? Cheers, - -- Xin LI http://www.delphij.net/ FreeBSD - The Power to Serve! Live free or die -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (FreeBSD) iQEcBAEBCAAGBQJM+UkvAAoJEATO+BI/yjfBP1oIANH6E0mTqQWc8b0WFd61YYTr t2YTiJGyUXa1bt9LnhQr8iasCYKx9AqAHO0sDMjezo94jYfpyW/C0jYD7vj+fuIP m84CWUfbKC079REhvv/j9t+mbcEFiQK3u4I3nG/ArNSbjXZUOvkav3c20rGHtwEy ncwGWwTB/5Z5zIT4hPS4e6hiUSR5afBQu+Ww0CqyK2S3w6cdY/kQyyFH8De4TbnX MBhJw/74Y6mRM0PjsIuISP59ZxV5OelWz/DZmcP6tNXmpv3ExW6TmD4ov9X/9eYS WRNi2ygNpGMKHx/8RqKtDOdQ1R0nz9lKUt3Zg5q8GhGS0Lce4GuoaRr0XWQD19I= =ipPy -----END PGP SIGNATURE----- --------------040402050204020709080306 Content-Type: text/plain; name="geli.8.diff" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="geli.8.diff" Index: geli.8 =================================================================== --- geli.8 (revision 216157) +++ geli.8 (working copy) @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd December 3, 2010 +.Dd December 4, 2010 .Dt GELI 8 .Os .Sh NAME @@ -874,7 +874,15 @@ .Nm will not protect your data against replay attacks. .Pp -It is recommended to write the whole provider before the first use, +The +.Nm +class does not distinguish whether data is written after its creation, +therefore, read from +.Dq uninitialized +area may result in false positives on data corruption. +It is recommended to write the whole provider +.Pq for instance, Pa /dev/ Ns Ao prov Ac Ns .eli +before its first use, ideally with random data, in order to make sure that all sectors and their corresponding checksums are properly initialized into a consistent state. .Sh SEE ALSO --------------040402050204020709080306--