From owner-freebsd-hackers@FreeBSD.ORG Mon Feb 28 00:33:43 2005 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D0D8916A4CE; Mon, 28 Feb 2005 00:33:43 +0000 (GMT) Received: from arioch.imrryr.org (arioch.imrryr.org [216.254.67.142]) by mx1.FreeBSD.org (Postfix) with ESMTP id D1EB843D31; Mon, 28 Feb 2005 00:33:41 +0000 (GMT) (envelope-from elric@imrryr.org) Received: from imrryr.org (localhost [127.0.0.1]) by arioch.imrryr.org (Postfix) with ESMTP id 9055A3700F; Sun, 27 Feb 2005 19:33:26 -0500 (EST) To: Maxim Sobolev In-reply-to: Your message of "Mon, 28 Feb 2005 02:15:15 +0200." <42226293.7040603@FreeBSD.org> Organization: The Fall of Imrryr User-Agent: nmh-1.0.4 (NetBSD/alpha) X-Copyright: Copyright 2004, R. C. Dowdeswell. All Rights Reserved. X-Window-System: Release 6.3 Date: Sun, 27 Feb 2005 19:33:26 -0500 From: Roland Dowdeswell Message-Id: <20050228003326.9055A3700F@arioch.imrryr.org> X-Mailman-Approved-At: Mon, 28 Feb 2005 12:59:18 +0000 cc: freebsd-hackers@FreeBSD.org Subject: Re: RFC: backporting GEOM to the 4.x branch X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Feb 2005 00:33:44 -0000 On 1109549715 seconds since the Beginning of the UNIX epoch Maxim Sobolev wrote: > >Well, I think that this is quite minor item, since GBDE doesn't govern >transformation of the passphrase into the actual key, so that another >scheme more bullet-prof against dictionary attacks (PKCS#5 or any other) >can be developed in virtually no time at all and will require making >only minor changes to the userland utility which gets password from the >keyboard or command line, hashes it and feeds to the kernel. These changes have not been made. Until they are, the security of the entire system depends on choosing very strong passphrases which most users do not do. So, one should not inform users either explicitly or implicitly that their data is safe [at least not without the proviso that the passphrase is actually easier to attack in practise than an entry in /etc/master.passwd and hence much more care should be taken in choosing them.] >Well, it's hard to comment on this, since the only paper that I have >found on CGD is http://www.imrryr.org/~elric/cgd/cgd.pdf, which >unfortunately doesn't provide any details on how CGD encrypts data and >lays it out on disk. Actually, it does. But, I can reiterate here. CGD does not move the blocks on the disk around at all. It doesn't make much sense to do that. Each block is encrypted separately using the chosen algorithm with your key. An IV is chosen using a configurable mechanism, although I have yet only implemented one which is the encrypted block number. >So what? If the write fails in the middle, reading sector will just >produce garbage. I don't think that it's different from plain old HDD >which has been powered down in the middle of doing disk write. Disk >encryption layer is definitely not the level at which journaling should >be implemented. It's task of file system to do this. The task of >encryption layer is merely to inform the file system when transaction >(i.e. both of those two writes in this case) have been completed >successfully, so that FS can adjust its journal accordingly. That is actually quite different that what normally happens. Basically what this means is that if your OS crashes or you suffer a power out then you have a reasonable chance that you've lost blocks on the disk. This will lead to a situation where fsck may not be able to recover your file system. A file system depends on certain assumptions about the underlying disk device, namely that a single sector write is an atomic operation in order to accomplish its task. It looks to me from the paper and the code that GBDE breaks this fundamental assumption. -- Roland Dowdeswell http://www.Imrryr.ORG/~elric/