svn commit: r216147 - head/sbin/geom/class/eli
Xin LI
delphij at delphij.net
Fri Dec 3 19:47:14 UTC 2010
On 12/03/10 09:15, Ulrich Spörlein wrote:
> On Fri, 03.12.2010 at 10:06:19 +0000, Xin LI wrote:
>> Author: delphij
>> Date: Fri Dec 3 10:06:19 2010
>> New Revision: 216147
>> URL: http://svn.freebsd.org/changeset/base/216147
>>
>> Log:
>> * Recommend an overwrite of whole geli provider before use.
>> * Correct a typo while I'm there.
>>
>> Reviewed by: pjd
>> MFC after: 2 weeks
>>
>> Modified:
>> head/sbin/geom/class/eli/geli.8
>>
>> Modified: head/sbin/geom/class/eli/geli.8
>> ==============================================================================
>> --- head/sbin/geom/class/eli/geli.8 Fri Dec 3 09:26:56 2010 (r216146)
>> +++ head/sbin/geom/class/eli/geli.8 Fri Dec 3 10:06:19 2010 (r216147)
>> @@ -24,7 +24,7 @@
>> .\"
>> .\" $FreeBSD$
>> .\"
>> -.Dd October 20, 2010
>> +.Dd December 3, 2010
>> .Dt GELI 8
>> .Os
>> .Sh NAME
>> @@ -842,7 +842,7 @@ Enter passphrase:
>> .Nm
>> supports two encryption modes:
>> .Nm XTS ,
>> -which was standarized as
>> +which was standardized as
>> .Nm IEE P1619
>> and
>> .Nm CBC
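Review bot: The context line `.Nm IEE P1619` directly below the corrected word still has a typo. The standard is IEEE P1619, so "IEE" should become "IEEE" in the same pass as "standardized". Separately, `.Nm` is the macro for the utility's own name, so the mode and standard names in this passage would be better marked up with a different macro.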
>> @@ -873,6 +873,10 @@ changes with the data he owns without no
>> In other words
>> .Nm
>> will not protect your data against replay attacks.
>> +.Pp
>> +It is recommended to write the whole provider before the first use,
>> +in order to make sure that all sectors and their corresponding
>> +checksums are properly initialized into a consistent state.
>> .Sh SEE ALSO
>> .Xr crypto 4 ,
>> .Xr gbde 4 ,
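Review bot: The paragraph added after "replay attacks" says to "write the whole provider" but names neither the device to write to nor what goes wrong if the step is skipped. The reader cannot tell what "initialized into a consistent state" protects against. Suggest naming the device node that should be written, and saying what a read of a never-written sector returns when its checksum has not been initialized.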
>
> I'm not sure this wording is very helpful. Why should there be a
> "consistent" state? In fact, if you write all zeros to the partition
> before creating the geom, then an attacker pretty much knows how much
> data you have written to the provider. I'm not saying this weakens any
> security, but I think the current phrasing will confuse the reader. What
> needs to be consistent? What does writing to the provider mean?
>
> Or am I mixing up provider and consumer here?
How would you like the attached patch?
Cheers,
--
Xin LI <delphij at delphij.net> http://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die
-------------- next part --------------
Index: geli.8
===================================================================
--- geli.8 (revision 216157)
+++ geli.8 (working copy)
@@ -24,7 +24,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd December 3, 2010
+.Dd December 4, 2010
.Dt GELI 8
.Os
.Sh NAME
@@ -874,7 +874,15 @@
.Nm
will not protect your data against replay attacks.
.Pp
-It is recommended to write the whole provider before the first use,
+The
+.Nm
+class does not distinguish whether data is written after its creation,
+therefore, read from
+.Dq uninitialized
+area may result in false positives on data corruption.
+It is recommended to write the whole provider
+.Pq for instance, Pa /dev/ Ns Ao prov Ac Ns .eli
+before its first use, ideally with random data,
in order to make sure that all sectors and their corresponding
checksums are properly initialized into a consistent state.
.Sh SEE ALSO
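Review bot: The new sentence "does not distinguish whether data is written after its creation, therefore, read from uninitialized area may result in false positives on data corruption" is hard to parse, and "its" is ambiguous between the class and the provider. Suggest wording along the lines of "cannot tell sectors that have never been written from corrupted ones, so reads from an unwritten area may be reported as data corruption". The phrase "ideally with random data" is also given without a reason. Either state why random data is preferred when writing to the `/dev/<prov>.eli` device, or drop it so the paragraph stays about initializing the checksums.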