GBDE not protecting the user

Erich Dollansky erichsfreebsdlist at alogt.com
Sat Oct 11 03:30:22 UTC 2014 

Hi,

On Fri, 10 Oct 2014 17:58:42 -0400
"Michael W. Lucas" <mwlucas at michaelwlucas.com> wrote:

> [Tried questions@, no answer, and the code contains things I just
> cannot trigger.]
> 
just try geli. It works for me. What I like most is that you can have
key and password on external media. No external media - no decyphering.

I also see the destruction possible but I do not use this feature.

Erich

> Hi,
> 
> Been playing with GBDE a while, trying to make it protect me.
> 
> One of the features of GBDE is that it should "provide tangible
> feedback" that the data has been destroyed. (See PHK's paper at
> http://phk.freebsd.dk/pubs/bsdcon-03.gbde.paper.pdf, section 4.1.)
> 
> The man page doesn't mention how to make GBDE whine, so what the heck,
> let's make it tell me the keys are destroyed.
> 
> Creating GBDE devices is very simple.
> 
> # gbde init /dev/gpt/encrypted -L /etc/encrypted.lock
> 
> I created a filesystem, mounted it, put files on it, unmounted.
> 
> There's two operations to wipe out a GBDE: nuke and destroy. Nuke
> looks like the right thing. I nuke all the keys:
> 
> # gbde nuke gpt/encrypted -l /etc/encrypted.lock -n -1
> Enter passphrase:
> Opened with key 0
> Nuked key 0
> Nuked key 1
> Nuked key 2
> Nuked key 3
> # gbde attach gpt/encrypted -l /etc/encrypted.lock
> Enter passphrase:
> #
> 
> The .bde device isn't there, and my filesystem is gone. But I received
> no confirmation that the keys were destroyed.
> 
> I also didn't get a message that the device couldn't be attached,
> although it clearly isn't.
> 
> Fine. Let's try 'gbde destroy'.
> 
> # gbde init /dev/gpt/encrypted -L /etc/encrypted.lock
> Enter new passphrase:
> Reenter new passphrase:
> # gbde destroy gpt/encrypted -l /etc/encrypted.lock
> Enter passphrase:
> Opened with key 0
> # gbde attach gpt/encrypted -l /etc/encrypted.lock
> Enter passphrase:
> #
> 
> The device isn't attached, it just fails silently. And failing with a
> specific complaint is the whole point of GBDE.
> 
> Did I misunderstand the GBDE functionality? Am I missing something
> daft? Has this code just decayed with GELI's arrival?
> 
> Thanks,
> ==ml
> 
>

More information about the freebsd-hackers mailing list