Message-Id: <200205271219.g4RCJWCa045273@grimreaper.grondar.org>
To: Doug Rabson
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/conf files src/sys/geom geom_aes.c
References: <200205271031.15065.dfr@nlsystems.com>
In-Reply-To: <200205271031.15065.dfr@nlsystems.com> ; from Doug Rabson "Mon, 27 May 2002 10:31:14 BST."
Date: Mon, 27 May 2002 13:19:32 +0100
From: Mark Murray

> > All sectors are encrypted with AES in CBC mode using a constant key,
> > currently compiled in and all zero.
>
> Isn't this a bit pointless. The on-disk data structures are so predictable
> that you have any number of known-plaintext attacks against this. The only
> point to encryption at this level is to protect data against physical access
> to the drive and this doesn't seem to be able to do that...

Not really.
Having known-plaintext gives you an angle for a Differential Cryptanalysis
attack, but you still need to recover a key (which if your cipher is good
enough, should still be hard(tm)).

There is often an element of known-plaintext in attacking someone's
encrypted data; this may be easier here, so one needs to be that much more
careful about changing keys (often) and wiping out in-core data of a
sensitive nature.

M
-- 
o       Mark Murray
\_
O.\_    Warning: this .sig is umop ap!sdn