Re: RFC: backporting GEOM to the 4.x branch

Board: DFBSD_kernel, Date: 2005/02/28 06:01
[ cc'ing tech-security@NetBSD.org, because there has been talk of GBDE there in the past.]

Well, I thought that since I saw this:

ALeine wrote a while ago:
>df@xxxxxx wrote:
>>
>> Wouldn't be easier porting cgd* from NetBSD ?
>>
>> * http://www.netbsd.org/guide/en/chap-cgd.html
>
>Perhaps, but I believe GBDE to be superior to CGD for a number
>of reasons, one of the most important being that with GBDE you
>can change the passphrase without re-encrypting the entire disk,
>which is not the case with CGD, AFAIK. From Poul-Henning Kamp's
>paper on GBDE:

That, as the author of CGD, I should respond to some common misconceptions about my work which seem to be percolating around.

First, on the capability front, you can:

   1. change the passphrase on a disk without re-encrypting it,
   2. have as many passphrases as you would like to configure,
   3. use n-factor authentication with arbitrarily large n.

Also, GBDE has a number of serious drawbacks. All of which would be show-stoppers if I were considering using it for serious security work, or even use in a production environment.

There is no protection _at_all_ against dictionary attacks. Where CGD uses PKCS#5 in a completely standard way to frustrate dictionary attacks, GBDE does exactly nothing. In fact, worse than nothing. It is possible to conduct half of the dictionary attack offline, so the actual online portion of the attack is something that my laptop could make about 2^30 guesses in a couple of hours. So, it is insecure from the start.

GBDE has no facility for using different encryption algorithms than the rather... interesting one that it comes with. There is no way to trade speed and security for different use cases, and the only algorithm that it comes with is very slow. Less than half the performance of CGD's most secure algorithm (AES256).

So, now that we've touched on the security problems... Let's think about using GBDE in production.

Please reference

   http://phk.freebsd.dk/pubs/bsdcon-03.gbde.paper.pdf

And read Section 7.5, and refer to figure 2. Each disk write involves two writes to the disk. Where is the journal? I do not see any talk about a journal in the paper, or the GBDE source code. Hence, if the OS crashes or if a removable disk is removed at the wrong time, etc. etc. it is possible that only one of those writes would succeed. I think that we can all see where this is going.

--
    Roland Dowdeswell                      http://www.Imrryr.ORG/~elric/
Article code (AID): #128aCZ00 (DFBSD_kernel)
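
The capabilities listed in the message above (passphrase change without re-encryption, several passphrases, n-factor unlock, PKCS#5 stretching against dictionary attacks) can be illustrated with a generic key-slot scheme. This is an added example, not code from the post and not CGD's or GBDE's on-disk format; the slot layout, function names, XOR wrapping, check tag and iteration count are all assumptions chosen to stay within the Python standard library.

```python
import hashlib, hmac, os

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _kek(factors, salt, iterations):
    # One PBKDF2 (PKCS#5 v2) run per factor, XORed together, so every factor
    # is needed and each guess costs `iterations` HMACs per factor.
    kek = bytes(32)
    for i, secret in enumerate(factors):
        kek = _xor(kek, hashlib.pbkdf2_hmac("sha256", secret, salt + bytes([i]), iterations))
    return kek

def _tag(master):
    # Lets open_slot() reject a wrong passphrase instead of returning garbage.
    return hmac.new(master, b"slot-check", hashlib.sha256).digest()

def make_slot(master, factors, iterations=200_000):  # assumed work factor
    salt = os.urandom(16)
    return {"salt": salt, "iter": iterations, "tag": _tag(master),
            # XOR wrap keeps this stdlib-only; real designs use an AEAD or AES key wrap.
            "wrapped": _xor(master, _kek(factors, salt, iterations))}

def open_slot(slot, factors):
    master = _xor(slot["wrapped"], _kek(factors, slot["salt"], slot["iter"]))
    if not hmac.compare_digest(_tag(master), slot["tag"]):
        raise ValueError("wrong passphrase or missing factor")
    return master

def change_passphrase(slot, old_factors, new_factors):
    # Only the small slot record is rewritten; the volume key, and therefore
    # every encrypted sector, stays exactly as it was.
    return make_slot(open_slot(slot, old_factors), new_factors, slot["iter"])

if __name__ == "__main__":
    volume_key = os.urandom(32)                      # constructed sample key
    slots = [make_slot(volume_key, [b"old passphrase"]),
             make_slot(volume_key, [b"admin passphrase", b"keyfile bytes"])]
    slots[0] = change_passphrase(slots[0], [b"old passphrase"], [b"new passphrase"])
    assert open_slot(slots[0], [b"new passphrase"]) == volume_key
    assert open_slot(slots[1], [b"admin passphrase", b"keyfile bytes"]) == volume_key
    print("both slots still unlock the same volume key")
```

Raising `iterations` is the knob that trades unlock latency for a higher per-guess cost in a dictionary attack; without the stretching step each guess costs a single hash.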