From: Doug Rabson
To: Poul-Henning Kamp, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/conf files src/sys/geom geom_aes.c
Date: Mon, 27 May 2002 10:31:14 +0100
Message-Id: <200205271031.15065.dfr@nlsystems.com>
In-Reply-To: <200205261814.g4QIEdg85920@freefall.freebsd.org>

On Sunday 26 May 2002 7:14 pm, Poul-Henning Kamp wrote:
> phk 2002/05/26 11:14:38 PDT
>
> Modified files:
>   sys/conf files
> Added files:
>   sys/geom geom_aes.c
> Log:
> Add a proof-of-concept encryption class.
>
> "The only hard problem in cryptography is key-management."
>
> All sectors are encrypted with AES in CBC mode using a constant key,
> currently compiled in and all zero.

Isn't this a bit pointless. The on-disk data structures are so predictable
that you have any number of known-plaintext attacks against this. The only
point to encryption at this level is to protect data against physical access
to the drive and this doesn't seem to be able to do that...

--
Doug Rabson    Mail: dfr@nlsystems.com
               Phone: +44 20 8348 6160