Subject: Re: FUD about CGD and GBDE
To: None <smb@cs.columbia.edu>
From: ALeine <aleine@austrosearch.net>
List: tech-security
Date: 03/04/2005 13:28:17
smb@cs.columbia.edu wrote:

> >For example, one can regularly scrub the unused areas around the
> >encrypted image (padding) with dd(1) using if=/dev/{u,}random and
> >similar. This can be fully automated with a cron job.
> >
> >One can also regularly scatter files with misleading names and
> > contents. 
>
> etc.  I think we need to be careful about phrases like "one can". 

I was not assuming one would and I never implied that one should,
if you read my previous posts you probably noticed that all the
changes to GBDE I proposed were to be implemented in a way that
would let the user decide what they wanted. I was only stating
what could be done, in the end the user is the one who decides
what they want, but if they are aware of those threats they can
do a lot about them - if they choose to. One can also choose not
to use encryption at all.

> I decided to stop supposing and gather some real data, so I wrote some 
> analysis tools to measure the entropy of disk drives.  I need to 
> rewrite some of my tools and do a lot more analysis, but I think the 
> results thus far are quite interesting.  See
> http://www.cs.columbia.edu/~smb/rawdisk-entropy.ps

That seems very interesting, I will take a look! :-) We both posted at
about the same time talking about data entropy. Well, given the topic
that could hardly be considered a coincidence. :-))

Could you make the tools you used publicly available? I would very
much like to run that kind of analysis on my disks, especially now
that I'm planning the implementation of the GBDE changes I proposed.

It would also be interesting to see the statistics from others,
perhaps someone would be willing to put up some kind of web site
so people could submit their results into a database.

> Anyway -- the moral of the story is that you really need to analyze 
> your environment and your threat model when designing crypto.  The 
> answer to SAN link eavesdropping might be IPsec or link encryptors; the 
> answer to cleaning lady attacks might be cleared personnel, two party 
> rules, or other non-crypto solutions.  But don't assume, and don't say 
> "one can" or "one should".  (As a footnote, I realized that my own cgd 
> "partition" (via vnd) was created from /dev/zero instead of /dev/urandom;
> the result is that the entropy of the file itself reveals almost 
> exactly how much of the cgd partition is in use.  I'll have to correct 
> that....)

I agree with you on the first part and about assuming, but I disagree
about the "one can" part. Saying that one can do something does not
imply that one should or that one would do that, it only implies that
an option exists. So you falsely assumed that I assumed when I was in
fact only addressing the other poster's false assumption that users
would do nothing. :-> They might do nothing, but they can do a lot
if they choose to.

ALeine
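As an added example (not part of this thread and not one of the analysis tools mentioned in it), the following Python script runs a block-wise Shannon entropy scan over two constructed disk images to show the point made about the cgd partition: when the free space came from /dev/zero, the entropy profile reveals how many blocks hold ciphertext, whereas free space filled from /dev/urandom is indistinguishable from ciphertext block by block. The 4096-byte block size, the 7.0 bits/byte threshold and the seeded PRNG standing in for /dev/urandom are assumptions of the demo.

```python
"""Block-wise entropy scan of a constructed disk image (added demo)."""
import math
import random
from collections import Counter

BLOCK = 4096          # bytes per scanned block (assumed)
HIGH_ENTROPY = 7.0    # bits/byte; ciphertext and urandom fill sit near 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def block_entropies(image: bytes, block: int = BLOCK) -> list:
    """Entropy of every block-sized chunk of the image, in order."""
    return [shannon_entropy(image[i:i + block]) for i in range(0, len(image), block)]


def blocks_that_look_used(image: bytes, block: int = BLOCK) -> int:
    """Number of blocks an observer without the key would classify as
    ciphertext; this is the usage estimate the raw image leaks."""
    return sum(1 for e in block_entropies(image, block) if e >= HIGH_ENTROPY)


def make_image(used_blocks: int, total_blocks: int, zero_fill: bool, seed: int = 1) -> bytes:
    """Constructed image: `used_blocks` blocks of pseudo-ciphertext followed by
    free space filled either from /dev/zero (zero_fill=True) or from a
    /dev/urandom stand-in (seeded PRNG, so the demo is reproducible)."""
    rng = random.Random(seed)
    rand = lambda n: bytes(rng.getrandbits(8) for _ in range(n))
    cipher = rand(BLOCK * used_blocks)
    free = BLOCK * (total_blocks - used_blocks)
    return cipher + (b"\x00" * free if zero_fill else rand(free))


if __name__ == "__main__":
    for name, zero in (("/dev/zero-backed", True), ("/dev/urandom-backed", False)):
        img = make_image(used_blocks=3, total_blocks=8, zero_fill=zero)
        profile = " ".join(f"{e:.2f}" for e in block_entropies(img))
        print(f"{name}: {blocks_that_look_used(img)} of 8 blocks look used [{profile}]")
```

The per-block scan is the simplest form of the analysis; a real scan would also look for repeated blocks and other structure, which a single-block entropy figure does not capture.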