From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <wagner@tansi.org>
Received: from tansi.org (ns.km10532-04.keymachine.de [87.118.102.195])
	by mail.saout.de (Postfix) with ESMTP
	for <dm-crypt@saout.de>; Sun, 22 Aug 2010 01:14:01 +0200 (CEST)
Received: from gatewagner.dyndns.org (84-74-164-239.dclient.hispeed.ch
	[84.74.164.239]) by tansi.org (Postfix) with ESMTPA id 28B261218525
	for <dm-crypt@saout.de>; Sun, 22 Aug 2010 01:14:01 +0200 (CEST)
Date: Sun, 22 Aug 2010 01:14:00 +0200
From: Arno Wagner <arno@wagner.name>
Message-ID: <20100821231400.GA30794@tansi.org>
References: <20100726210741.GC24052@tansi.org>
	<1280180557.3266.136.camel@fermat.scientia.net>
	<slrni4s7ac.lr8.Mario.Holbe@darkside.dyn.samba-tng.org>
	<4C682354.50907@web.de> <20100815221051.GA13494@tansi.org>
	<1281963344.4c69355004f56@www.inmano.com>
	<20100816142139.GA26251@tansi.org>
	<1282423535.3276.24.camel@fermat.scientia.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
In-Reply-To: <1282423535.3276.24.camel@fermat.scientia.net>
Subject: Re: [dm-crypt] Efficacy of xts over 1TB
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
	<mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
	<mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

On Sat, Aug 21, 2010 at 10:45:35PM +0200, Christoph Anton Mitterer wrote:
> Hi.
>=20
>=20
> But this goes IMO more in the plausible denyability direction, doesn't
> it?

I think not even that. The attacker already know you likely have
encrypted data or a lot of randomness. But then you have been
changing that in a typical pattern for filesystem access.

The data leakage is real, but very, very low in volume and will
not matter in almost all situations IMO, and therefore nobody
will bother attacking that. Now if you store and process
highly sensitive data in the exabyte-range, it might be a
minor concern (an attacker could plant a document and later
detect ot has been added to the encrypted device), but even
there effort is extreme.=20

This is an example of an academic attack. Interesting, and
show a real limit of the employed encryption method, but
irrelevant for the real world.

> An attacker would still be not able to read what was written.
> And for most applications it should be extremely difficult or even
> impossible to make any conclusions,.. because of fragmentation... etc.
> pp.

I agree.

> Another issue is of course when you have corrupted programs in the
> system.... but then you're screwed anyway,... and there are usually much
> easier to implement hidden channels.... (but this argument shouldn't
> count as I always say myself ;) ).

Indeed. Just use a sequence of secors, and change or not them=20
in a pattern.

Arno
--=20
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.nam=
e=20
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of=20
"news" is "something that hardly ever happens." -- Bruce Schneier=20