svn commit: r216147 - head/sbin/geom/class/eli

Xin LI delphij at delphij.net
Fri Dec 3 19:47:14 UTC 2010


On 12/03/10 09:15, Ulrich Spörlein wrote:
> On Fri, 03.12.2010 at 10:06:19 +0000, Xin LI wrote:
>> Author: delphij
>> Date: Fri Dec  3 10:06:19 2010
>> New Revision: 216147
>> URL: http://svn.freebsd.org/changeset/base/216147
>>
>> Log:
>>    * Recommend an overwrite of whole geli provider before use.
>>    * Correct a typo while I'm there.
>>   
>>   Reviewed by:	pjd
>>   MFC after:	2 weeks
>>
>> Modified:
>>   head/sbin/geom/class/eli/geli.8
>>
>> Modified: head/sbin/geom/class/eli/geli.8
>> ==============================================================================
>> --- head/sbin/geom/class/eli/geli.8	Fri Dec  3 09:26:56 2010	(r216146)
>> +++ head/sbin/geom/class/eli/geli.8	Fri Dec  3 10:06:19 2010	(r216147)
>> @@ -24,7 +24,7 @@
>>  .\"
>>  .\" $FreeBSD$
>>  .\"
>> -.Dd October 20, 2010
>> +.Dd December 3, 2010
>>  .Dt GELI 8
>>  .Os
>>  .Sh NAME
>> @@ -842,7 +842,7 @@ Enter passphrase:
>>  .Nm
>>  supports two encryption modes:
>>  .Nm XTS ,
>> -which was standarized as
>> +which was standardized as
>>  .Nm IEE P1619
>>  and
>>  .Nm CBC
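Review bot: The context line `.Nm IEE P1619` directly below the corrected word still misspells the standards body. Since this hunk is already a spelling fix in the same sentence, change it to `.Nm IEEE P1619` in the same commit.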
>> @@ -873,6 +873,10 @@ changes with the data he owns without no
>>  In other words
>>  .Nm
>>  will not protect your data against replay attacks.
>> +.Pp
>> +It is recommended to write the whole provider before the first use,
>> +in order to make sure that all sectors and their corresponding
>> +checksums are properly initialized into a consistent state.
>>  .Sh SEE ALSO
>>  .Xr crypto 4 ,
>>  .Xr gbde 4 ,
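Review bot: The added paragraph ending in "initialized into a consistent state" does not say what goes wrong when a sector is read before it has been written, nor which device the write should go to. State the symptom the reader would observe and name the device to write, so the recommendation reads as a concrete step rather than a general precaution.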
> 
> I'm not sure this wording is very helpful. Why should there be a
> "consistent" state? In fact, if you write all zeros to the partition
> before creating the geom, then an attacker pretty much knows how much
> data you have written to the provider. I'm not saying this weakens any
> security, but I think the current phrasing will confuse the reader. What
> needs to be consistent? What does writing to the provider mean?
> 
> Or am I mixing up provider and consumer here?

How would you like the attached patch?

Cheers,
-- 
Xin LI <delphij at delphij.net>	http://www.delphij.net/
FreeBSD - The Power to Serve!	       Live free or die
-------------- next part --------------
Index: geli.8
===================================================================
--- geli.8	(revision 216157)
+++ geli.8	(working copy)
@@ -24,7 +24,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd December 3, 2010
+.Dd December 4, 2010
 .Dt GELI 8
 .Os
 .Sh NAME
@@ -874,7 +874,15 @@
 .Nm
 will not protect your data against replay attacks.
 .Pp
-It is recommended to write the whole provider before the first use,
+The
+.Nm
+class does not distinguish whether data is written after its creation,
+therefore, read from
+.Dq uninitialized
+area may result in false positives on data corruption.
+It is recommended to write the whole provider
+.Pq for instance, Pa /dev/ Ns Ao prov Ac Ns .eli
+before its first use, ideally with random data,
 in order to make sure that all sectors and their corresponding
 checksums are properly initialized into a consistent state.
 .Sh SEE ALSO
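Review bot: The new sentence "does not distinguish whether data is written after its creation, therefore, read from uninitialized area may result in false positives on data corruption" is hard to parse: it is a comma splice, "read from ... area" is missing its article, and "false positives on data corruption" does not tell the reader what they will actually see. Suggest two sentences, along the lines of "... cannot tell whether a sector has been written since the provider was created. Reading a sector that has never been written may therefore be reported as data corruption." The paragraph also mentions checksums without saying under which configuration sectors carry them; a short qualifier at the start would scope the recommendation.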

