Subject: Re: FUD about CGD and GBDE
To: None <freebsd-hackers@FreeBSD.ORG, tech-security@NetBSD.ORG>
From: None <>
List: tech-security
Date: 03/07/2005 11:06:56
> >I agree. I would also add random reads (or specially designed, combined
> >random reads and writes) to make traffic analysis and differential attacks
> >a real PITA for the hacker (although this idea may not be very effective
> >against a highly motivated and determined attacker, such as some
> >government, for instance).
> If you want to do something like this, you want to do sector renaming
> and journaling since that means you can only see that something
> was written but not what it was that was written.

So you think that just adding specially crafted, random reads/writes
will have no significant positive impact on the security of "hot" disks?

> The performance cost can be considerable and the complexity formidable.
> There are incredibly many corner cases to handle.

But you do not deny that providing strong protection for "hot" disks
is very important? After all, user protection is only available when
the disk is hot.

Speaking of user protection, how did you implement the procedure of
erasing keys? Did you account for the properties of magnetic media
and RAM that make data recovery possible? See, for example:

Timestamp: 0x422C930D
ridin' VN1500-B2