Date: Wed, 19 Jun 2013 03:17:24 -0400 From: grarpamp <grarpamp@gmail.com> To: freebsd-geom@freebsd.org Subject: geli external header (metadata) Message-ID: <CAD2Ti2_8pBDz1__kKHhPgAMhP8JfKkh_4HMGMaUspkEjpQ7qOg@mail.gmail.com>
> I made a patch to support an external header (metadata) on GEOM ELI (geli)
> System: FreeBSD 9-STABLE r250964 i386
> geli patch - http://pastebin.com/UGpnMN19
> regression patch - http://pastebin.com/hJVkTpJZ

It would be nice to see this option or some similar fix implemented.

It's plausible (perhaps even as to deniability) for someone to have a disk full of random data if that is part of their disk testing or wipe-for-reuse strategy, as well as other applications where random data is used. But having a sector on that very same random media or system that screams 'GELI' and matches g_eli.h would seem not a good idea at all. GELI thereby earns a higher place on the list of cryptos tried to find brute access, or to examine its implementation closely to find a weak access. Much better to offer detachment of metadata for those who prefer it and do not mind use of USB or other means to store and associate passphrase, keyfile and metadata.

Simple detachment is good, but not an encrypted solution... In the longer term, incorporating access to metadata after the passphrase/keyfile entry process (under a new encrypted metadata scheme) could be better. It would then appear random. And so even if it was still placed alongside as a separate automatic sector for the simplest end user model, it would not appear any different. It may even be a useful option (depending on how the user expects to use the main data, such as with some app that writes to the whole, or most of the, extent every time) to have the encrypted metadata change, such as by including a timestamp at attach/detach/some_kernel_time, so that, if still alongside, it does not appear to an observer over time to be a static blob, which could give away info about what the extent is for.

Whether the data covers an entire device, slice, partition, file or some other full or partial extent... it just does not seem good at all to have this unencrypted bit there saying: 'Hello, I'm GELI'.
> I'd much prefer to have this implemented without the need of
> storing metadata outside.

If GELI presents a 1:1 crypt:clear device, there's no way to put the metadata within that same number of presented sectors; it would be obliterated. It would have to be outside, or accept all metadata parameters from the command line, for which a separate metadata file/sector is easier to manage. Then again, use of 'aalgo' presents fewer sectors, so there is maybe a method there.
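As an added illustration of the two points above (not code from this thread, from the geli patch, or from FreeBSD), here is a small check a defender can run against a disk image: does its final sector carry the unencrypted geli marker, how many sectors are left for payload once one sector is reserved for metadata, and how that header sector compares by byte entropy with random data. It assumes the g_eli.h layout, with metadata in the provider's last sector beginning with the magic string "GEOM::ELI" (an assumption taken from the FreeBSD source, not stated in this mail); the sample image is constructed.

```python
"""Inspect a disk image for a plaintext geli header; compare with random data.
Added example, not from the thread or the geli patch. Assumes the g_eli.h
layout: metadata in the last sector, starting with the magic "GEOM::ELI"."""
import math
import random

G_ELI_MAGIC = b"GEOM::ELI"  # assumed value of G_ELI_MAGIC from g_eli.h
SECTOR = 512


def last_sector(image: bytes, sectorsize: int = SECTOR) -> bytes:
    """Return the final sector, the one geli reserves for its metadata."""
    if len(image) == 0 or len(image) % sectorsize:
        raise ValueError("image length must be a non-zero multiple of sectorsize")
    return image[-sectorsize:]


def has_plaintext_geli_magic(image: bytes, sectorsize: int = SECTOR) -> bool:
    """True if the last sector announces itself with the unencrypted magic."""
    return last_sector(image, sectorsize).startswith(G_ELI_MAGIC)


def data_sectors(image: bytes, sectorsize: int = SECTOR) -> int:
    """Sectors usable for encrypted payload: all but the one metadata sector.
    A strict 1:1 crypt:clear mapping leaves no spare sector, which is why
    the metadata would have to live outside the presented extent."""
    return len(image) // sectorsize - 1


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; a 512-byte random block lands near 7.6, while a
    mostly-zero plaintext header sector stays far lower."""
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def build_image(sectors: int, with_plain_header: bool, seed: int = 1) -> bytes:
    """Constructed sample image: random filler plus an optional geli-style
    last sector (magic followed by zeros) standing in for plaintext metadata."""
    rng = random.Random(seed)
    body = bytes(rng.getrandbits(8) for _ in range(SECTOR * (sectors - 1)))
    if with_plain_header:
        tail = G_ELI_MAGIC.ljust(SECTOR, b"\0")
    else:
        tail = bytes(rng.getrandbits(8) for _ in range(SECTOR))
    return body + tail
```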