From owner-freebsd-hackers@FreeBSD.ORG Sun Feb 27 22:55:31 2005
Date: Sat, 26 Feb 2005 19:00:06 -0800 (PST)
Message-Id: <200502270300.j1R306ZM003563@marlena.vvi.at>
To: elric@imrryr.org
From: "ALeine"
cc: freebsd-hackers@freebsd.org
cc: tech-security@NetBSD.org
cc: kernel@crater.dragonflybsd.org
Subject: Re: RFC: backporting GEOM to the 4.x branch

elric@imrryr.org wrote:

> [ cc'ing tech-security@NetBSD.org, because there has been talk
> of GBDE there in the past.]
>
> Well, I thought that since I saw this:
>
> ALeine wrote a while ago:
> >df@xxxxxx wrote:
> >>
> >> Wouldn't be easier porting cgd* from NetBSD ?
> >>
> >> * http://www.netbsd.org/guide/en/chap-cgd.html
> >
> >Perhaps, but I believe GBDE to be superior to CGD for a number
> >of reasons, one of the most important being that with GBDE you
> >can change the passphrase without re-encrypting the entire disk,
> >which is not the case with CGD, AFAIK. From Poul-Henning Kamp's
> >paper on GBDE:
>
> That, as the author of CGD, I should respond to some common
> misconceptions about my work which seem to be percolating around.
>
> First, on the capability front, you can:
>
> 1. change the passphrase on a disk without re-encrypting it,
> 2. have as many passphrases as you would like to configure,
> 3. use n-factor authentication with arbitrary large n.
>
> Also, GBDE has a number of serious drawbacks. All of which would
> be show-stoppers if I were considering using it for serious security
> work, or even use in a production environment.
>
> There is no protection _at_all_ against dictionary attacks. Where
> CGD uses PKCS#5 in a completely standard way to frustrate dictionary
> attacks, GBDE does exactly nothing. In fact, worse than nothing.
> It is possible to conduct half of the dictionary attack offline,
> so the actual online portion of the attack is something that my
> laptop could make about 2^30 guesses in a couple of hours. So, it
> is insecure from the start.
>
> GBDE has no facility for using different encryption algorithms than
> the rather... interesting one that it comes with. There is no
> way to trade speed and security for different use cases, and the
> only algorithm that it comes with is very slow. Less than half
> the performance of CGD's most secure algorithm (AES256).
>
> So, now that we've touched on the security problems... Let's think
> about using GBDE in production. Please reference
>
> http://phk.freebsd.dk/pubs/bsdcon-03.gbde.paper.pdf
>
> And read Section 7.5, and refer to figure 2.
>
> Each disk write involves two writes to the disk. Where is the
> journal? I do not see any talk about a journal in the paper, or
> the GBDE source code. Hence, if the OS crashes or if a removable
> disk is removed at the wrong time, etc. etc. it is possible that
> only one of those writes would succeed. I think that we can all
> see where this is going.
>
> --
> Roland Dowdeswell http://www.Imrryr.ORG/~elric/

Thank you for taking the time to write that very informative post.
I was not fully aware of all the issues you raised here, I'll look
into them. In the meantime maybe someone more familiar with GBDE
than myself could share their comments.

I am CC:-ing this to freebsd-hackers@freebsd.org as well since
I originally posted there as well.

ALeine
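
An added illustration, not part of the message above and not code from CGD or GBDE: a generic key-slot scheme showing how a PKCS#5 (PBKDF2) stretched passphrase can protect a fixed disk key, so that changing the passphrase or adding a second one never touches the encrypted sectors. The function names, slot layout, SHA-256 choice and iteration count are all assumptions made for this sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000   # assumed work factor: every dictionary guess costs this much
KEY_LEN = 32           # 256-bit disk key

def _kek(passphrase, salt, iterations):
    # PKCS#5 PBKDF2: the salt defeats precomputed tables, the iteration
    # count multiplies the cost of each passphrase guess.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt,
                               iterations, KEY_LEN)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def make_slot(disk_key, passphrase, iterations=ITERATIONS):
    # A slot stores the disk key masked by the passphrase-derived key,
    # plus a check value so a wrong passphrase is detected on open.
    salt = os.urandom(16)
    return {
        "salt": salt,
        "iterations": iterations,
        "wrapped": _xor(disk_key, _kek(passphrase, salt, iterations)),
        "check": hmac.new(disk_key, b"slot-check", hashlib.sha256).digest(),
    }

def open_slot(slot, passphrase):
    kek = _kek(passphrase, slot["salt"], slot["iterations"])
    candidate = _xor(slot["wrapped"], kek)
    tag = hmac.new(candidate, b"slot-check", hashlib.sha256).digest()
    return candidate if hmac.compare_digest(tag, slot["check"]) else None

def change_passphrase(slot, old, new):
    # Only the small slot record is rewritten; the disk key, and therefore
    # every encrypted sector, stays exactly as it was.
    disk_key = open_slot(slot, old)
    if disk_key is None:
        raise ValueError("wrong passphrase")
    return make_slot(disk_key, new, slot["iterations"])

if __name__ == "__main__":
    disk_key = os.urandom(KEY_LEN)                 # constructed sample key
    slot_a = make_slot(disk_key, "first passphrase")
    slot_b = make_slot(disk_key, "second user")    # a second, independent slot
    slot_a = change_passphrase(slot_a, "first passphrase", "rotated")
    print(open_slot(slot_a, "rotated") == disk_key)      # same disk key
    print(open_slot(slot_b, "second user") == disk_key)  # other slot unaffected
    print(open_slot(slot_a, "first passphrase"))         # old passphrase rejected
```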