Date: Tue, 4 Dec 2007 17:04:23 -0700
From: Chad Perrin
To: FreeBSD Questions
Message-ID: <20071205000423.GA78603@demeter.hydra>
Subject: GBDE and GELI security

I've read reports to the effect that GBDE is vulnerable to online
dictionary attacks unless two-factor authentication is used. The only
such report I can find now is this discussion of NetBSD's CGD, where its
author contrasts it with GBDE:

  http://www.onlamp.com/lpt/a/6384

Is this still the case? Are there any other security concerns related
to GBDE's implementation that you might mention? How well does GELI
stack up against GBDE?

I was surprised to read that OpenBSD's svnd is vulnerable to *offline*
dictionary attacks. Any comments on that?

-- 
CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ]
Sen. Dick Durbin, D-IL, to an RIAA executive: "Are you headed to junior
high schools to round up the usual suspects?"