Slashdot Mirror


NetBSD's Crypto-Graphic Disk

An anonymous reader writes "Security-minded laptop users live in fear of theft, not only of their computer but also of their precious secret data. NetBSD's CGD project is a cryptographic virtual disk that can protect sensitive data while acting like a normal filesystem. Recently its author, Roland Dowdeswell, was interviewed and provided a lot of details, and made a comparison with Linux's Loop-AES, FreeBSD's GBDE, OpenBSD's svnd. This is a must-read for any laptop owner (and paranoid androids)!"

16 of 219 comments

  1. questions to ponder by digitaldc · · Score: 4, Interesting

    What happens if cgdconfig file is lost or damaged?
    If you lose the cgdconfig file, is your data irrecoverable?
    When it overwrites data, is it truly unreadable?
    How taxing is this system, how long does it take to execute?
    What happens when you lose your PW?
    Are there knowledgeable people in the same continent that can provide support for this?

    --
    He who knows best knows how little he knows. - Thomas Jefferson
  2. What about privileged users? by MattPat · · Score: 2, Interesting
    NetBSD's CGD project is a cryptographic virtual disk that can protect sensitive data while acting like a normal filesystem.

    If it acts like a normal filesystem, that means that nothing special needs to be done to access it, provided you have an account with rights to use that filesystem (I'm assuming it needn't be root). So what if the person stealing your laptop gets a hold of your password? How does it become any more secure?

    In retrospect, most BSD users probably don't keep their passwords on a sticky note inside their laptop like some Windows users I know...

  3. of course it helps... by advocate_one · · Score: 5, Interesting

    if you remember to encrypt any partitions that temporary data might possibly reside on... cos it would be awfully silly to protect your home partition and forget /var or /tmp or the swap... why not be completely paranoid and encrypt the volatile "partition" that gets created in memory

    --
    Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
  4. Re:mutually exclusive? by tamnir · · Score: 4, Interesting

    That is exactly why my preferred solution for on-the-fly hard disk encryption is TrueCrypt. Not only is it open source and cross platform (Windows/Linux), but it also happens to simply rock, surpassing many commercial products, with lots of nice features like the use of keyfiles, or for the true paranoid, cascade encryption (like AES-Blowfish-TripleDES) and plausible deniability (hidden volume).

    --
    I code, therefore I am.
  5. Doesn't address unencrypted OS by Anonymous Coward · · Score: 1, Interesting

    I don't know about BSD, but with Windows there is always the danger that the OS itself or other programs are making copies of data and filenames and storing them in the registry, .ini files or a thousand other possible places which may not be encrypted. Encrypting the entire OS from boot on up seems like the only genuinely secure way to prevent this problem.

    1. Re:Doesn't address unencrypted OS by Shanep · · Score: 2, Interesting

      OpenBSD by default encrypts the swap-partition. Read the paper by Niels Provos.

      Wow, I thought you were wrong about it being on by default, so I checked the CVS entries. I knew OpenBSD's swap encryption had very little impact on swapping performance, but it seems that this was switched on by default 9 months ago and I didn't even notice. I guess that shows how little impact it has.

      --
      War crimes, torture, lies, illegal spying... Would someone give Bush a blowjob, already, so he can be impeached?
  6. NetBSD at SCALE 4x by irabinovitch · · Score: 1, Interesting

    NetBSD will be exhibiting at SCALE 4x

  7. Re:TrueCrypt for Windows and Linux. by trifish · · Score: 2, Interesting

    However, the question is whether the website and docs were written by the developers and designers of TrueCrypt or by their webmaster and docs maintainers.

    They have a forum admin, forum moderators, etc, and the project is quite big so I doubt that the software devs/designers maintain the website and docs themselves.

  8. Re:mutually exclusive? by muhgcee · · Score: 1, Interesting

    I run Windows on my main desktop, and know how to do it well. I don't spend time daily administering my machine. I simply set it up correctly the first time. After installing Windows and all of my apps, I go through the list of processes that start on boot and only keep what I need. This is a basic strategy that administrators of *all* OSes (even "secure" ones) should use.

    Combine this with being a smart user, and your system will be plenty secure. I don't even run anti-virus software. Never have. Never had a virus either.

  9. Re:TrueCrypt for Windows and Linux. by Anonymous Coward · · Score: 1, Interesting

    (grandparent replying)

    The FAQ states it is: "Last Updated December 28, 2005".

    Apparently the TrueCrypt team is very responsive. Congratulations!

    Given the growing popularity of TrueCrypt and the apparently vibrant team behind it, I'm considering doing a full analysis of TrueCrypt from a cryptographic viewpoint. That is, as soon as I have the time (I'm quite busy now with my exams).

    I wonder if there are other K.U.Leuven people involved with TrueCrypt, who maybe convinced the project team to include Whirlpool? Please reply. I know you are reading this thread or you wouldn't have updated the FAQ :-)

  10. Re:TrueCrypt for Windows and Linux. by kasperd · · Score: 2, Interesting

    I have not examined Truecrypt further, but I can imagine that there could be more cryptographical mistakes.

    There are other mistakes. TrueCrypt uses the sector number for the IV, which makes it vulnerable to watermarking. I mentioned this in another comment. This problem violates the plausible deniability mentioned by Futurepower.

    --

    Do you care about the security of your wireless mouse?
  11. Re:What a Load by Waffle+Iron · · Score: 2, Interesting
    I mitigate risks. I use caution

    Yes, and why do you take those steps? Because you live in fear of the consequences that would happen if you didn't take them.

  12. GBDE by kasperd · · Score: 2, Interesting

    He seems to have a relevant worry about the lack of atomicity when writing to a GBDE encrypted device. However he fails to notice that this happens only because GBDE has addressed a problem which every other disk encryption seems to have ignored. You get certain security advantages from probabilistic encryption. But probabilistic encryption implies the encrypted version must be slightly larger than the clear text.

    More than once has the use of deterministic encryptions led to weaknesses in disk encryptions. And often the workarounds require additional CPU power. And even the most careful deterministic encryption can never be as secure as a probabilistic encryption.

    GBDE does have probabilistic encryption. This also means that obviously an update requires more than one physical write. Though this could be done securely, the way it is done in GBDE seems to give a risk of data loss/corruption. Some kind of journaling could have solved the problem. Having journaling both in the encryption and in the file system seems to be overkill (and clearly hurts performance), but integrating the two without compromising security is nontrivial. I'd like to see some more research in this area.

    From my description it may sound like from a cryptographic viewpoint GBDE is the best designed disk encryption in existence. Unfortunately it isn't so. It did get some things right, but it seems to be mostly by luck. GBDE uses different pseudo random keys for each sector, however rather than using a standard PRNG, PHK decided to invent his own known as the Cherry Picker. Unfortunately there is a weakness in this generator as the output is not uniformly random.

    To the best of my knowledge GBDE is currently the only disk encryption making use of probabilistic encryption, and none of the disk encryptions in existence make a serious effort at guaranteeing integrity (also known as security against an active adversary).

    --

    Do you care about the security of your wireless mouse?
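
Added example, not part of kasperd's comments or of any project named in the thread: it contrasts the sector-number IV from comment 10 with the deterministic versus probabilistic distinction from comment 12, using CBC over a toy sector. A 4-round HMAC-based Feistel permutation stands in for AES so it runs on the Python standard library alone; the keyed (ESSIV-style) IV is not mentioned in the thread, and the key, marker and sizes are constructed.

```python
import hashlib, hmac, os
BLOCK, SECTOR = 16, 64            # constructed toy sizes; real sectors are 512+ bytes
KEY = b"constructed demo key"     # constructed key, for the demo only

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def toy_block_encrypt(key, block):
    """4-round Feistel permutation on 16 bytes. Stand-in for AES, NOT a real cipher."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:8]
        left, right = right, xor(left, f)
    return left + right

def cbc_encrypt_sector(key, iv, plaintext):
    out, prev = [], iv
    for i in range(0, len(plaintext), BLOCK):
        prev = toy_block_encrypt(key, xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def iv_sector_number(key, n):     # deterministic and computable by anyone
    return n.to_bytes(BLOCK, "little")
def iv_keyed(key, n):             # deterministic but secret (ESSIV-style): E_H(key)(n)
    return toy_block_encrypt(hashlib.sha256(key).digest(), n.to_bytes(BLOCK, "little"))
def iv_random(key, n):            # probabilistic: fresh per write, must be stored too
    return os.urandom(BLOCK)

def watermark_visible(iv_fn, key, sectors=(5, 6, 7)):
    """Data pre-XORed with each sector number, built without the key: same first block?"""
    marker = b"constructed-mark"  # 16 constructed bytes
    firsts = set()
    for n in sectors:
        data = xor(marker, n.to_bytes(BLOCK, "little")) + bytes(SECTOR - BLOCK)
        firsts.add(cbc_encrypt_sector(key, iv_fn(key, n), data)[:BLOCK])
    return len(firsts) == 1

def rewrite_visible(iv_fn, key, n=9):
    """Does writing identical data to one sector twice give identical ciphertext?"""
    first = cbc_encrypt_sector(key, iv_fn(key, n), b"A" * SECTOR)
    return first == cbc_encrypt_sector(key, iv_fn(key, n), b"A" * SECTOR)

def stored_bytes(iv_fn):          # a random IV has to be kept beside the ciphertext
    return SECTOR + (BLOCK if iv_fn is iv_random else 0)

if __name__ == "__main__":
    for fn in (iv_sector_number, iv_keyed, iv_random):
        print(fn.__name__, watermark_visible(fn, KEY), rewrite_visible(fn, KEY), stored_bytes(fn))
```

With the sector number as IV the constructed data is recognisable from ciphertext alone; the keyed IV removes that but an unchanged rewrite is still visible. Only the random IV hides both, at the cost of 16 extra stored bytes per sector, which is the size growth comment 12 refers to.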
  13. Re:*BSD? by anothy · · Score: 4, Interesting

    the parent is a troll and an idiot, but you seem to be genuinely asking, so i'll take the time to answer.

    GUI quality: The troll gives no indication of what or how he's measuring. it's difficult to deny that MS's GUIs are more polished, but there are numerous inconstancies. GUIs available on unix systems, including FreeBSD, tend to be more configurable. i'm inclined to agree that traditional X11-based GUIs are behind that of Windows, but that's a far cry from FreeBSD not having one, as the troll claims. also, OS X is widely agreed to be easier to use than Windows' and is unquestionably more technically advanced (we'll see what Vista brings).
    Support: The troll's claims that Microsoft is "the world's most trusted software company" is simply laughable. major failures in security and stability in Microsoft products are legendary; their reputation for quality is thoroughly mediocre. they are, however, quite large and do stand behind their products (such as they are) for defined periods of time, which has a certain level of comfort associated with it. FreeBSD, on the other hand, has much higher initial quality and also has commercial support available from various sources. the open source nature of FreeBSD and the vibrant community existing around it also means particularly obscure problems are more addressable than they are in Windows, where you're left waiting for Microsoft to release a patch. again, there are trade offs to be made, but i think FreeBSD is a clear winner here.
    Cost and convenience: It is undeniable that having the system pre-installed is a huge win for convenience. but the troll goes way off-track from there. first, XP is available pre-installed, but for how many architectures, maybe two (x86 and itanium)? FreeBSD is available on about a half dozen (NetBSD, incidentally, is available on dozens); this is particularly important in the server and appliance realms, which are FreeBSD's primary target spaces. FreeBSD is available pre-installed at least on server equipment (i don't know of anyone who does workstations/laptops). the troll claims that XP is free, which is flatly false: the cost is bundled in the cost of the hardware. the troll is also implicitly defining terms like "every major manufacturer" to be only ones he cares about: get me an XP system from Sun or Apple, for example.
    Stability/scalability: Again, the troll gives no measurements. at a minimum, XP has a reputation for being unreliable. in my experience at work, XP is a step down in stability and reliability from 2000, although both of these are still leaps ahead of any Microsoft system predating that (except probably DOS, which was highly stable by virtue of being so tremendously simple). DoS-style attacks which bring down the system remain common against XP and virtually unheard of against FreeBSD. FreeBSD is highly stable. the standard edition of XP also scales to 2 processors; special versions are available to get it up to higher number, but still pretty modest number of processors (i think it was 16, but i don't remember). i'm not sure specifically what SMP problems the troll is talking about (again, no specifics), but i've personally run FreeBSD on dual-processor SMB systems without issue and other BSDs on systems much, much larger than any Microsoft product has any hope of touching. for reference, note that BSD-based systems hold many places in the Top 500 supercomputer list, including several in the top 20; Windows can't hope to touch that level of performance.
    Software availability: No, troll, not everyone uses it. but yes, it does have more software. for that reason, when i was Director of IT for our company, we continued to buy Windows boxes; our accounting package wasn't available on any other platform. but this very much depends what you need. FreeBSD certainly runs a far cry more than vi. most things that'll run on other open-source systems like Linux,

    --

    i speak for myself and those who like what i say.
  14. Won't Full Disc Encryption make this obsolete? by Scott_Marks · · Score: 2, Interesting

    Seagate has announced a laptop disk that does full disc encryption in hardware, without slowing down disc I/O at all. Seems like that makes software solutions (which are subject to reverse engineering, etc.) decidedly inferior.

    --

    ... an idea, the fugitive fermentation of an individual brain ... -- T. Jefferson

  15. aes.ko Vs. aes-i586.ko: stats... by colin_s_guthrie · · Score: 2, Interesting

    Thanks to the poster above who pointed this out to me...

    I am using dm-crypt on top of a level 5, 3 disk SATA raid.

    The system just used a normal aes.ko module so I decided to try the aes-i586.ko module (the server is an Athlon XP 2400+ with 512 MB RAM).

    Here are my results:

    Control Read test file (non-crypted)...

    1) 0.01user 1.43system 0:17.99elapsed 8%CPU
    2) 0.03user 1.43system 0:18.07elapsed 8%CPU
    3) 0.03user 1.43system 0:17.94elapsed 8%CPU

    AES
    ===

    Write test file....

    1) 0.05user 4.99system 0:53.26elapsed 9%CPU
    2) 0.05user 4.88system 0:52.85elapsed 9%CPU
    3) 0.06user 4.87system 0:50.14elapsed 9%CPU

    Read test file....

    1) 0.03user 2.00system 0:36.44elapsed 5%CPU
    2) 0.03user 1.97system 0:36.99elapsed 5%CPU
    3) 0.03user 1.94system 0:35.55elapsed 5%CPU

    AES-i586
    ========

    Write test file....

    1) 0.06user 4.65system 0:42.12elapsed 11%CPU
    2) 0.03user 4.90system 0:40.38elapsed 12%CPU
    3) 0.04user 4.77system 0:42.02elapsed 11%CPU

    Read test file....

    1) 0.03user 1.87system 0:22.22elapsed 8%CPU
    2) 0.04user 1.91system 0:21.80elapsed 8%CPU
    3) 0.02user 1.90system 0:22.00elapsed 8%CPU

    As you can see the results with aes-i586 are significantly better :) The write operations took a lot of CPU cycles in kjournald (I'm using ext3 so you may get better speeds with other filesystems).

    Does anyone know of any reason not to use aes-i586.ko?? I assume they are exactly equiv?

    Anyways, I've added the line:
      alias aes aes-i586
    to my modprobe.conf.

    Cheers for the advice.