FUD about CGD and GBDE
Daniel Carosone
dan at geek.com.au
Mon Mar 7 21:17:50 GMT 2005
On Mon, Mar 07, 2005 at 09:43:13AM -0700, soralx at cydem.org wrote:
>
> > I also believe that it would be beneficial to implement regular rewriting
> > of randomly picked lock sector(s) at random times during a user specified
> > interval (up to x rewrites within n seconds) in order to further obscure
> > the write pattern and provide additional protection for lock sectors.
>
> I agree.
I don't. Hiding the lock sector is pointless for hot disk attacks. A
malicious SAN administrator (and other intermediaries, if transport
encryption is not used) can identify the lock sector trivially,
because gbde decrypts its location and tells you: it goes straight
there on startup.
--
Dan.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20050308/02b41fc4/attachment.bin
More information about the freebsd-hackers
mailing list