Date: Sat, 23 Feb 2008 14:27:33 -0800
From: "David E. Thiel"
To: freebsd-hackers@freebsd.org

On Sat, Feb 23, 2008 at 02:08:31PM +1300, Atom Smasher wrote:
> article below. does anyone know how this affects eli/geli?

There's fairly little any disk crypto system can do to thoroughly defend against this. The best workaround currently is to turn off your machine when not in use. This has always been a good idea, since even without this attack, a running or sleeping machine can simply be retained until the appearance of a 0-day in the kernel or other running services. Granted, that often takes a while for FreeBSD. ;)

Also, keeping your *really* sensitive data in a separate encrypted store which isn't always mounted is probably a good idea.