Subject: Re: FUD about CGD and GBDE
To: ALeine <>
From: Charles M. Hannum <>
List: tech-security
Date: 03/04/2005 23:31:30
On Friday 04 March 2005 03:17, ALeine wrote:
> Your assumption is wrong. First of all, the first sector of the
> encrypted image does not necessarily start at the beginning of
> the disk, nor does the last sector have to be the last sector
> of the disk. At initialization first_sector, last_sector and
> total_sectors can be set so that the encrypted image is placed
> at an offset from both sides of the disk. If you also use
> random_flush that free space (padding) is filled with random
> garbage automatically, so one cannot detect where the encrypted
> image actually begins or ends.
> You also have to take into acount the fact that there are at
> least 4 512 byte lock sectors (regardless of the size of the
> logical sector) which will thwart your automated brute forcing
> attempt further. Lock sectors can be anywhere, their location is
> picked randomly at initialization and everything else has to map
> around them, so you cannot assume anything about their location
> or know that you stumbled upon them.

There are at least two ways to determine this information fairly easily:

1) If you're doing analysis of a cold disk, it is ~trivial to tell the 
difference between a sector that has been written only once and a sector that 
has been rewritten.

2) When used in a SAN environment, or an environment where multiple accesses 
to the drive can be done over time, it is possible to determine this fairly 
quickly using traffic analysis.  The GBDE paper even touches on this in 
section 10.3.  Have you read it?