Date: Mon, 07 Mar 2005 11:06:56 -0700
From: soralx@cydem.org
To: freebsd-hackers@FreeBSD.ORG, tech-security@NetBSD.ORG
Cc: phk@phk.freebsd.dk
Subject: Re: FUD about CGD and GBDE
Message-ID: <200503071106.56075.soralx@cydem.org>
In-Reply-To: <18767.1110214190@critter.freebsd.dk>
References: <18767.1110214190@critter.freebsd.dk>

> >I agree. I would also add random reads (or specially designed, combined
> >random reads and writes) to make traffic analysis and differential attacks
> >a real PITA for the hacker (although this idea may not be very effective
> >against a highly motivated and determined attacker, such as some
> > government, for instance).
>
> If you want to do something like this, you want to do sectorrenaming
> and journaling since that means you can only see that something
> was written but not what it was that was written.

So you think that just adding specially crafted, random reads/writes
will have no significant positive impact on security of "hot" disks?

> The performance cost can be considerable and the complexity formidable.
> There are incredibly many cornercases to handle.

But you do not deny that providing strong protection for "hot" disks
is very important? After all, user protection is only available when
the disk is hot.

Speaking of user protection, how did you implement the procedure of
erasing keys? Did you account for the properties of magnetic media
and RAM that make data recovery possible? See, for example:
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html

Timestamp: 0x422C930D
[SorAlx] http://cydem.org.ua/
ridin' VN1500-B2