Subject: Re: cgd and replay
To: Roland Dowdeswell <>
From: Pawel Jakub Dawidek <>
List: tech-security
Date: 08/22/2005 03:41:06
Content-Type: text/plain; charset=iso-8859-2
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Aug 22, 2005 at 11:20:58AM +1000, Daniel Carosone wrote:
+> You're still missing the point about transactions; you can't overwrite
+> (and thus invalidate) any currently valid data with partial new data
+> (such as updating a MAC block). You need to be able to have the end
+> result be all-or-nothing.

Maybe I wasn't clear on this.

I proposed something like this:

	sector0: mac(sector1)+mac(sector2)+mac(sector3)+...+mac(sectorN)
	sector1: data
	sector2: data
	sectorN: data
	sectorN+1: mac(sector1)+mac(sector2)+mac(sector3)+...+mac(sectorN)

Then, if you have power failure, let's say, before writing sector2, but
after sector1 you have new MACs in sector0 and old MACs in sectorN+1.

On read, you verify sector1 integrity based on mac(sector1) from sector0,
then you verify sector2 against mac(sector2) from sector0 and you failed,
so you verify it against mac(sector2) from sectorN+1. And so on.

For me it is safe if we assume writing single sector is atomic.

Pawel Jakub Dawidek                              
FreeBSD committer                         Am I Evil? Yes, I Am!

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.4.1 (FreeBSD)