To: Doug Rabson
Cc: cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG
Subject: Re: cvs commit: src/sys/conf files src/sys/geom geom_aes.c
In-Reply-To: Your message of "Mon, 27 May 2002 10:31:14 BST." <200205271031.15065.dfr@nlsystems.com>
Date: Mon, 27 May 2002 12:20:26 +0200
Message-ID: <47153.1022494826@critter.freebsd.dk>
From: Poul-Henning Kamp

In message <200205271031.15065.dfr@nlsystems.com>, Doug Rabson writes:
>> Log:
>> Add a proof-of-concept encryption class.
>>
>> All sectors are encrypted with AES in CBC mode using a constant key,
>> currently compiled in and all zero.
>
>Isn't this a bit pointless. The on-disk data structures are so predictable
>that you have any number of known-plaintext attacks against this. The only
>point to encryption at this level is to protect data against physical access
>to the drive and this doesn't seem to be able to do that...

Yes, at this point it is pretty pointless apart as proof that GEOM
is (also) able to do content transformations.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.