From owner-freebsd-hackers@FreeBSD.ORG Mon Mar 7 16:43:06 2005 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 70B8E16A4CE for ; Mon, 7 Mar 2005 16:43:06 +0000 (GMT) Received: from pd3mo2so.prod.shaw.ca (shawidc-mo1.cg.shawcable.net [24.71.223.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2F65343D60 for ; Mon, 7 Mar 2005 16:43:06 +0000 (GMT) (envelope-from soralx@cydem.org) Received: from pd5mr5so.prod.shaw.ca (pd5mr5so-qfe3.prod.shaw.ca [10.0.141.181]) by l-daemon (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004)) with ESMTP id <0ICZ00HQQQFD2WC0@l-daemon> for freebsd-hackers@FreeBSD.ORG; Mon, 07 Mar 2005 09:42:49 -0700 (MST) Received: from pn2ml1so.prod.shaw.ca ([10.0.121.145]) by pd5mr5so.prod.shaw.ca (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004)) with ESMTP id <0ICZ00250QFD3590@pd5mr5so.prod.shaw.ca> for freebsd-hackers@FreeBSD.ORG; Mon, 07 Mar 2005 09:42:49 -0700 (MST) Received: from S01060020ed3972ba.ed.shawcable.net (S01060020ed3972ba.ed.shawcable.net [68.149.254.68]) by l-daemon (iPlanet Messaging Server 5.2 HotFix 1.18 (built Jul 28 2003)) with ESMTP id <0ICZ005GYQFDJP@l-daemon> for freebsd-hackers@FreeBSD.ORG; Mon, 07 Mar 2005 09:42:49 -0700 (MST) Date: Mon, 07 Mar 2005 09:43:13 -0700 From: soralx@cydem.org In-reply-to: <200503052027.j25KRmAF055472@marlena.vvi.at> To: freebsd-hackers@FreeBSD.ORG, tech-security@NetBSD.ORG Message-id: <200503070940.49393.soralx@cydem.org> MIME-version: 1.0 Content-type: text/plain; charset=iso-8859-1 Content-transfer-encoding: 7bit Content-disposition: inline References: <200503052027.j25KRmAF055472@marlena.vvi.at> User-Agent: KMail/1.5.4 cc: aleine@austrosearch.net cc: phk@phk.freebsd.dk Subject: Re: FUD about CGD and GBDE X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Mar 2005 16:43:06 -0000 > I also believe that it would be beneficial to implement regular rewriting > of randomly picked lock sector(s) at random times during a user specified > interval (up to x rewrites within n seconds) in order to further obscure > the write pattern and provide additional protection for lock sectors. > ALeine I agree. I would also add random reads (or specially designed, combined random reads and writes) to make traffic analysis and differential attacks a real PITA for the hacker (although this idea may not be very effective against a highly motivated and determined attacker, such as some government, for instance). Every data storage device has to be "hot", initially at least. Moreover, it is much better to keep the disk attached until the last minute before the attacker will get access to it, because this offers the user protection: deleting keys from a "cold" disk is not possible. Therefore, it is important for GBDE to protect "hot" disks as much as possible (including protection methods against "cleaning lady" copy & differential attacks, for SAN environments & other traffic analysis attacks, etc). BTW, PHK, why did you choose the scheme of encrypting offsets of lock sectors with part of key material and storing them somewhere, instead of just using part of the key material itself to determine the offsets? Timestamp: 0x422BE3D9 [SorAlx] http://cydem.org.ua/ ridin' VN1500-B2