svn commit: r216147 - head/sbin/geom/class/eli
Ulrich Spörlein
uqs at spoerlein.net
Fri Dec 3 17:15:36 UTC 2010
On Fri, 03.12.2010 at 10:06:19 +0000, Xin LI wrote:
> Author: delphij
> Date: Fri Dec 3 10:06:19 2010
> New Revision: 216147
> URL: http://svn.freebsd.org/changeset/base/216147
>
> Log:
> * Recommend a overwrite of whole geli provider before use.
> * Correct a typo while I'm there.
>
> Reviewed by: pjd
> MFC after: 2 weeks
>
> Modified:
> head/sbin/geom/class/eli/geli.8
>
> Modified: head/sbin/geom/class/eli/geli.8
> ==============================================================================
> --- head/sbin/geom/class/eli/geli.8 Fri Dec 3 09:26:56 2010 (r216146)
> +++ head/sbin/geom/class/eli/geli.8 Fri Dec 3 10:06:19 2010 (r216147)
> @@ -24,7 +24,7 @@
> .\"
> .\" $FreeBSD$
> .\"
> -.Dd October 20, 2010
> +.Dd December 3, 2010
> .Dt GELI 8
> .Os
> .Sh NAME
> @@ -842,7 +842,7 @@ Enter passphrase:
> .Nm
> supports two encryption modes:
> .Nm XTS ,
> -which was standarized as
> +which was standardized as
> .Nm IEE P1619
> and
> .Nm CBC
> @@ -873,6 +873,10 @@ changes with the data he owns without no
> In other words
> .Nm
> will not protect your data against replay attacks.
> +.Pp
> +It is recommended to write the whole provider before the first use,
> +in order to make sure that all sectors and their corresponding
> +checksums are properly initialized into a consistent state.
> .Sh SEE ALSO
> .Xr crypto 4 ,
> .Xr gbde 4 ,
I'm not sure this wording is very helpful. Why should there be a
"consistent" state? In fact, if you write all zeros to the partition
before creating the geom, then an attacker pretty much knows how much
data you have written to the provider. I'm not saying this weakens any
security, but I think the current phrasing will confuse the reader. What
needs to be consistent? What does writing to the provider mean?
Or am I mixing up provider and consumer here?
Uli
More information about the svn-src-all
mailing list