DragonFly kernel List (threaded) for 2005-02
Re: RFC: backporting GEOM to the 4.x branch
> [ cc'ing tech-security@xxxxxxxxxx, because there has been talk
> of GBDE there in the past.]
> Well, I thought that since I saw this:
> ALeine wrote a while ago:
> >df@xxxxxx wrote:
> >> Wouldn't be easier porting cgd* from NetBSD ?
> >> * http://www.netbsd.org/guide/en/chap-cgd.html
> >Perhaps, but I believe GBDE to be superior to CGD for a number
> >of reasons, one of the most important being that with GBDE you
> >can change the passphrase without re-encrypting the entire disk,
> >which is not the case with CGD, AFAIK. From Poul-Henning Kamp's
> >paper on GBDE:
> That, as the author of CGD, I should respond to some common
> misconceptions about my work which seem to be percolating around.
> First, on the capability front, you can:
> 1. change the passphrase on a disk without re-encrypting it,
> 2. have as many passphrases as you would like to configure,
> 3. use n-factor authentication with arbitrary large n.
> Also, GBDE has a number of serious drawbacks. All of which would
> be show-stoppers if I were considering using it for serious security
> work, or even use in a production environment.
> There is no protection _at_all_ against dictionary attacks. Where
> CGD uses PKCS#5 in a completely standard way to frustrate dictionary
> attacks, GBDE does exactly nothing. In fact, worse than nothing.
> It is possible to conduct half of the dictionary attack offline,
> so the actual online portion of the attack is something that my
> laptop could make about 2^30 guesses in a couple of hours. So, it
> is insecure from the start.
> GBDE has no facility for using different encryption algorithms than
> the rather... interesting one that it comes with. There is no
> way to trade speed and security for different use cases, and the
> only algorithm that it comes with is very slow. Less than half
> the performance of CGD's most secure algorithm (AES256).
> So, now that we've touched on the security problems... Let's think
> about using GBDE in production. Please reference
> And read Section 7.5, and refer to figure 2.
> Each disk write involves two writes to the disk. Where is the
> journal? I do not see any talk about a journal in the paper, or
> the GBDE source code. Hence, if the OS crashes or if a removable
> disk is removed at the wrong time, etc. etc. it is possible that
> only one of those writes would succeed. I think that we can all
> see where this is going.
> Roland Dowdeswell http://www.Imrryr.ORG/~elric/
Thank you for taking the time to write that very informative post.
I was not fully aware of all the issues you raised here, I'll look
into them. In the meantime maybe someone more familiar with GBDE
than myself could share their comments. I am CC:-ing this to
freebsd-hackers@xxxxxxxxxxx as well since I originally posted
there as well.
WebMail FREE http://mail.austrosearch.net