[dm-devel] my encryption

jon at kollegiegaarden.dk jon at kollegiegaarden.dk
Mon Oct 13 07:14:01 UTC 2003


On Mon, Oct 13, 2003 at 01:04:20PM +0100, Joe Thornber wrote:
> On Mon, Oct 13, 2003 at 01:54:21PM +0200, jon at kollegiegaarden.dk wrote:
> > On Mon, Oct 13, 2003 at 08:58:12AM +0100, Joe Thornber wrote:
> > > What is Christophe Saouts encryption target missing IYO ?
> > 
> > As far as i remember:
> > it can not change password without reencrypting the whole device
> 
> Why is this bad ?  I'd worry if changing the password *didn't* require
> the device to be re-encrypted.

Imagien you have a 3426TeraByte blockdevice...
Reencrpting that is going to take a long long time, and even if
it was just a few hundred GB, then they are going to be offline
while you change the key. To some that is unacceptable. PPDD
which i modelled my encryption on can change key without reencrypting
it all. So can GBDE from FreeBSD.
What usualy is done is that the passphrase is used as a key to encrypt
another key, which is stored encrypted at the disk. Then this other
key is used to encrypt the data with. Thus when changing the passphrase
all you do is reencrypting the key. This is almost done atomicaly.

 
> > It doesnt shuffle the sectors arround
> 
> Does this really provide more security ?

Maybe, i'm not a cryptoanalyser, but GBDE does this, and i think they
do it for a reason. The idea is that you can attack the encryption if
you have "known plaintext", and a filesystem stores known meta data
at a known location.






JonB




More information about the dm-devel mailing list