GBDE not protecting the user
Michael W. Lucas
mwlucas at michaelwlucas.com
Tue Oct 14 16:34:21 UTC 2014
On Mon, Oct 13, 2014 at 01:29:26PM +0100, RW wrote:
> You can overwrite the geli metadata on the end of the provider with dd.
> Preferably the whole partition if you want to be sure because anyone
> that's ever had access to the disk could have copied the metadata.
>
> If you are going to use a passphrase I'd recommend geli which has
> password strengthening.
If Mallory is holding a gun to my head, I want the computer to say
"The passphrase entered by the user is correct, but the on-disk
decryption keys no longer exist. The user has cooperated fully. Please
don't shoot him."
GELI does not do this. It's designed for a different threat
model. That's not a problem, or a weakness.
GBDE does. Or, rather, it's supposed to. Hence this bug report.
It's an unusual use case, yes. But the people who need this
functionality REALLY need it.
==ml
--
Michael W. Lucas - mwlucas at michaelwlucas.com, Twitter @mwlauthor
http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
More information about the freebsd-hackers
mailing list