Date: Fri, 3 Dec 2010 18:15:34 +0100
From: Ulrich Spörlein
To: Xin LI
Cc: svn-src-head@FreeBSD.org, svn-src-all@FreeBSD.org, src-committers@FreeBSD.org
Subject: Re: svn commit: r216147 - head/sbin/geom/class/eli
Message-ID: <20101203171534.GE3256@acme.spoerlein.net>
In-Reply-To: <201012031006.oB3A6J1S070688@svn.freebsd.org>

On Fri, 03.12.2010 at 10:06:19 +0000, Xin LI wrote:
> Author: delphij
> Date: Fri Dec 3 10:06:19 2010
> New Revision: 216147
> URL: http://svn.freebsd.org/changeset/base/216147
>
> Log:
> * Recommend an overwrite of whole geli provider before use.
> * Correct a typo while I'm there.
>
> Reviewed by: pjd
> MFC after: 2 weeks
>
> Modified:
> head/sbin/geom/class/eli/geli.8
>
> Modified: head/sbin/geom/class/eli/geli.8 > ============================================================================== > --- head/sbin/geom/class/eli/geli.8 Fri Dec 3 09:26:56 2010 (r216146) > +++ head/sbin/geom/class/eli/geli.8 Fri Dec 3 10:06:19 2010 (r216147) > @@ -24,7 +24,7 @@ > .\" > .\" $FreeBSD$ > .\" > -.Dd October 20, 2010 > +.Dd December 3, 2010 > .Dt GELI 8 > .Os > .Sh NAME > @@ -842,7 +842,7 @@ Enter passphrase: > .Nm > supports two encryption modes: > .Nm XTS , > -which was standarized as > +which was standardized as > .Nm IEE P1619 > and > .Nm CBC
> @@ -873,6 +873,10 @@ changes with the data he owns without no > In other words > .Nm > will not protect your data against replay attacks. > +.Pp > +It is recommended to write the whole provider before the first use, > +in order to make sure that all sectors and their corresponding > +checksums are properly initialized into a consistent state. > .Sh SEE ALSO > .Xr crypto 4 , > .Xr gbde 4 ,

I'm not sure this wording is very helpful. Why should there be a "consistent" state? In fact, if you write all zeros to the partition before creating the geom, then an attacker pretty much knows how much data you have written to the provider.

I'm not saying this weakens any security, but I think the current phrasing will confuse the reader. What needs to be consistent? What does writing to the provider mean? Or am I mixing up provider and consumer here?

Uli
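Review bot: in the "@@ -842,7 +842,7 @@" hunk, the unchanged context line ".Nm IEE P1619" directly below the corrected "standardized" line is still misspelled; the standard is IEEE P1619. Since this commit is already fixing a typo in the same sentence, change it to "IEEE P1619" in the same pass so the sentence does not need a second typo commit.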
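Review bot: the paragraph added at the end of the "@@ -873,6 +873,10 @@" hunk tells the reader to "write the whole provider" without saying which device the write should go through or what the reader will observe if the step is skipped, and "a consistent state" is never defined. Suggest naming the device to write to, saying explicitly that the advice is about the per-sector checksums mentioned in the same sentence, and describing the symptom seen on a sector that was never written. "write to the whole provider" would also read better than "write the whole provider".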