From owner-freebsd-geom@FreeBSD.ORG Wed Jan 14 05:16:50 2015 Return-Path: Delivered-To: freebsd-geom@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 4CBB2D49; Wed, 14 Jan 2015 05:16:50 +0000 (UTC) Received: from mail-la0-x234.google.com (mail-la0-x234.google.com [IPv6:2a00:1450:4010:c03::234]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id B9183679; Wed, 14 Jan 2015 05:16:49 +0000 (UTC) Received: by mail-la0-f52.google.com with SMTP id hs14so6276667lab.11; Tue, 13 Jan 2015 21:16:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:from:reply-to:to:cc:references:in-reply-to:subject:date :mime-version:content-type:content-transfer-encoding:thread-index :content-language; bh=XJ7qMCtLV4K9HTcdJZZOJSkCKazP+zKnkbNJ/diEDB8=; b=d3j2ZJmJEYVIyRTL2MSnXKMYnfU3r/OtPIE0pzKvBaKUCFEOdsAk6xM2+gsnlfH+i2 hjrDM/beyxaWucPgcSISGidSKP/P7+4AC2pVo6EmdLRy86nIRsQ4JIVwjUzmguyLW+mt DASBz3Ipc9iWCRn2r3ckIGTbiogNSRZpQk7g0NqxWThHGdpWJatBQIb4Grl/JM1mKqpx OMb7DR1YM4gnkjPFuvov18EQm06nN97yR0Mn8SPPd/yy1tAEZOHBedkjHq/wVhgOY6vT AAyQIXyIzla5yoBfmxC7Q+71vmu2ffYCMSqtgXVtDB1DoAFkc6VnNQ9T6hIAGuRn5z2o 4kiA== X-Received: by 10.112.162.4 with SMTP id xw4mr1768643lbb.89.1421212607749; Tue, 13 Jan 2015 21:16:47 -0800 (PST) Received: from rimwks1w7x64 ([2001:470:1f15:8e:b007:2759:7397:9491]) by mx.google.com with ESMTPSA id v4sm2021348lbz.12.2015.01.13.21.16.45 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 13 Jan 2015 21:16:46 -0800 (PST) Message-ID: <54b5fbbe.4457700a.2456.6944@mx.google.com> X-Google-Original-Message-ID: <028401d02fb9$4b11b010$e1351030$@IM@gmail.com> From: rozhuk.im@gmail.com X-Google-Original-From: Reply-To: To: "'Kimmo Paasiala'" References: <54b33bfa.e31b980a.3e5d.ffffc823@mx.google.com> <54B4AE55.9090205@platinum.linux.pl> <54b5d299.4914980a.61cd.43a6@mx.google.com> In-Reply-To: Subject: RE: ChaCha8/12/20 and GEOM ELI tests Date: Wed, 14 Jan 2015 08:16:44 +0300 MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Mailer: Microsoft Office Outlook 12.0 Thread-Index: AdAvqn9GJSXYqkLGQlKI120JgveVWwADsClQ Content-Language: ru Cc: 'FreeBSD Hackers' , freebsd-geom@freebsd.org, 'Adam Nowacki' X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Jan 2015 05:16:50 -0000 > >> Depends on the capabilities of the attacker. > >> > >> To be able to continuously read encrypted sectors for data > collection is too much. > >> > > > When talking about disk encryption the first assumption is that the=20 > attacker always has this capability, even with so much power the=20 > attacker shouldn't be able to break the encryption scheme. If he can=20 > then the encryption scheme is not secure. >=20 > Ift the attacker can learn anything about the unencrypted data or=20 > predict something about future encrypted or unencrypted blocks by=20 > analyzing the previous encrypted blocks the encryption scheme should=20 > be considered insecure. I consider the case when the disk can be obtained by physically an = attacker. All the rest of the disk directly connected to the computer. If an attacker can read encrypted data directly to disk means that the = system is already compromised by an attacker, and probably in this case = can read the data from the disk and through read() already decrypted and = get the key from the kernel memory.