[dm-devel] my encryption
Erik Tews
erik at debian.franken.de
Sun Oct 19 14:35:01 UTC 2003
On Mon, Oct 13, 2003 at 02:12:13PM +0200, jon at kollegiegaarden.dk wrote:
> > Why is this bad ? I'd worry if changing the password *didn't* require
> > the device to be re-encrypted.
>
> Imagien you have a 3426TeraByte blockdevice...
> Reencrpting that is going to take a long long time, and even if
> it was just a few hundred GB, then they are going to be offline
> while you change the key. To some that is unacceptable. PPDD
> which i modelled my encryption on can change key without reencrypting
> it all. So can GBDE from FreeBSD.
> What usualy is done is that the passphrase is used as a key to encrypt
> another key, which is stored encrypted at the disk. Then this other
> key is used to encrypt the data with. Thus when changing the passphrase
> all you do is reencrypting the key. This is almost done atomicaly.
I think this is a bad idea. If I got a bad harddisk and loose the sector
where the key is stored, I loose my whole volume. If I got a password
which is hashed and then used as a key, then I will be still able to get
all which is readable on the disk.
> > > It doesnt shuffle the sectors arround
> >
> > Does this really provide more security ?
>
> Maybe, i'm not a cryptoanalyser, but GBDE does this, and i think they
> do it for a reason. The idea is that you can attack the encryption if
> you have "known plaintext", and a filesystem stores known meta data
> at a known location.
This is correct, I think this is a fine idea, if the blocks a big enough
that this will not make the disk seek all the day.
More information about the dm-devel
mailing list