Subject: Re: FUD about CGD and GBDE
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
From: Bernd Walter <ticso@cicely12.cicely.de>
List: tech-security
Date: 03/03/2005 13:31:34
On Thu, Mar 03, 2005 at 01:18:45PM +0100, Poul-Henning Kamp wrote:
> In message <20050303120421.GW86348@cicely12.cicely.de>, Bernd Walter writes:
> 
> >No matter what disk you take - writes never have been atomic.
> >The major difference I see is that you get a read error back in
> >the disk failure case, while such a crypto failure produces more or
> >less random data without any error.
> >Mounting unclean filesystems rw for bg_fsck can be considered
> >dangerous with such unexpected data corruption.
> >And how would you know that a restore from backup is required for
> >a damaged file?
> 
> 100% true.
> 
> The trouble is that it would cost a lot in performance and a doubling
> in metadata to protect yourself against this.

Keeping the old and new key together with an digest from both encrypted
contents until we have an acknowledge from backing store would really
help.
RAID syncronity is the same problem - at least you want to know which
blocks are possibly asyncron for a quick boot phase.
Todays computers are still missing general purpose NVRAM for those
bookkeeping :(
Without NVRAM all you can do is using a disk block for it and accept
the performance hit or live with the risk.

-- 
B.Walter                   BWCT                http://www.bwct.de
bernd@bwct.de                                  info@bwct.de