Hello. I have been endeavoring to create my own livecd which will
mount a remote share from which to run scripts installing a ghost
image onto a local hard drive. I realize this may be more trouble
than it's worth, but I am doing it to easily assimilate new machines
into a Beowulf cluster... so
On Thu, 2005-03-03 at 07:32 -0700, Scott Long wrote:
Alfred Perlstein wrote:
Can someone review this? I think 'u' is incorrectly
added to instead of assigned to. This causes the initial
calculation to be garage based and screws up displaying
poll information.
I'd like this to be
Whats the intention behind the FreeBSD developers policy?
-- Weitergeleitete Nachricht
Von: Theo de Raadt [EMAIL PROTECTED]
Datum: Fri, 04 Mar 2005 03:51:42 -0700
An: [EMAIL PROTECTED]
Betreff: FreeBSD hiding security stuff
A few FreeBSD developers apparently have found some security issue
[I'm adding a CC: to freebsd-security, since I'm sure this thread will
get reposted there if I don't. For those not subscribed to -hackers:
Jonathan forwarded the an email Theo wrote to openbsd-misc:
http://marc.theaimsgroup.com/?l=openbsd-miscm=110993373705509w=2 ]
Jonathan Weiss wrote:
Whats
In message [EMAIL PROTECTED], Perry E. Metzger writes:
The best I can say, however, is that the US
government has approved the use of AES with 256 bit keys for very
highly secure communications, and they have a very demanding user
community.
(There is a big difference in what crypto you need for
In message [EMAIL PROTECTED], Jari Ruusu writes:
Early versions of loop-AES were FUBARed, true. But why do you insist on
ranting about fuckups that were fixed long time ago?
I don't :-)
The topic at hand was why I made certain choices for GBDE the way
I did, what loop-AES did subsequent to that
On Thu, Mar 03, 2005 at 05:58:49PM -0500, Roland Dowdeswell wrote:
Disklabels for example have a checksum. The checksum might not be
terribly strong, but the chance that two different valid disklabels
could even be decrypted with different keys is small, I would
imagine. The checksum takes
It's Theo, he's a drama queen. Probably best not to feed the troll.
--Peter
Jonathan Weiss wrote:
Whats the intention behind the FreeBSD developers policy?
-- Weitergeleitete Nachricht
Von: Theo de Raadt [EMAIL PROTECTED]
Datum: Fri, 04 Mar 2005 03:51:42 -0700
An: [EMAIL PROTECTED]
Betreff:
Hi folks.
I wander how O(1) sheduling works in ULE.
In ule.pdf Jeff wrote:
Threads are picked from the current queue in
priority order until the current queue is empty.
As far as I understand the algorithm is O(n)
where n - number of READY TO RUN processes,
not all processes isn't it?
thanks,
Hi all,
I am wondering if any one knows about a generic parser which takes a
packet (mbuf) of a certain protocol (e.g RSVP ) as input and generates
some data structre representing the packet ?
I've been searching for a while and found that ethereal and tcpdump
for example use specific data
On Thu, Mar 03, 2005 at 01:18:45PM +0100, Poul-Henning Kamp wrote:
In message [EMAIL PROTECTED], Bernd Walter writes:
No matter what disk you take - writes never have been atomic.
The major difference I see is that you get a read error back in
the disk failure case, while such a crypto
On Thu, Mar 03, 2005 at 05:31:34PM +0100, Poul-Henning Kamp wrote:
In message [EMAIL PROTECTED], ALeine writes:
Not necessarily, if one were to implement the ideas I proposed
I believe the performance could be kept at the same level as now.
I gave up on journalling myself because IMO it
In message [EMAIL PROTECTED], Thor Lancelot Simon writes:
On Thu, Mar 03, 2005 at 05:31:34PM +0100, Poul-Henning Kamp wrote:
In message [EMAIL PROTECTED], ALeine writes:
Not necessarily, if one were to implement the ideas I proposed
I believe the performance could be kept at the same level as
On Thu, Mar 03, 2005 at 06:48:51PM +0100, Poul-Henning Kamp wrote:
In message [EMAIL PROTECTED], Steven M. Bellovin writes:
And Knuth was talking about a situation without an adversary.
If the component (well respected etc etc) algorithms I have used
in GBDE contains flaws so that they
Poul-Henning Kamp [EMAIL PROTECTED] writes:
We need more ideas and more people trying out ideas.
There is a profession called cryptographer out there. They are the
folks who try out these new ideas, and they fill lots of conference
proceedings with their new ideas, including things like crypto
On Wednesday 02 March 2005 21:15, ALeine wrote:
[EMAIL PROTECTED] wrote:
I gave up on journalling myself because IMO it complicates
things a lot and the problem it solves is very very small.
If only hardware manufacturers were to equip hard drives with
a mechanism to ensure atomic writes.
On Thu, 3 Mar 2005, Poul-Henning Kamp wrote:
At the time where I wrote GBDE, the best that was offered was CGD (and
similar) and users (not cryptographers!) didn't trust it
Could you back up this claim, insofar that users did not trust cgd? I
haven't seen any distrust of cgd -- in fact, I've
On Thu, Mar 03, 2005 at 08:25:18PM +0100, Poul-Henning Kamp wrote:
At the time where I wrote GBDE, the best that was offered was CGD (and
similar) and users (not cryptographers!) didn't trust it and history
have so far repeated.
To quote David Hume, Never an ought from an is. That users
Poul-Henning Kamp [EMAIL PROTECTED] writes:
In message [EMAIL PROTECTED], Perry E. Metzger writes:
There is a profession called cryptographer out there. They are the
folks who try out these new ideas, and they fill lots of conference
proceedings with their new ideas, including things like crypto
Poul-Henning Kamp [EMAIL PROTECTED] writes:
Don't let peole like Thor scare you away, progress happens when people
try to follow their ideas, even if told that they are fools by people
who (think they) know better.
They laughed at Fulton.
They also laughed at Bozo the Clown.
There is
ALeine [EMAIL PROTECTED] writes:
There is a profession called cryptographer out there. They are
the folks who try out these new ideas, and they fill lots of
conference proceedings with their new ideas, including things like crypto
modes designed specifically for disk encryption.
You are
Poul-Henning Kamp [EMAIL PROTECTED] writes:
In message [EMAIL PROTECTED], Todd Vierling writes:
On Thu, 3 Mar 2005, Poul-Henning Kamp wrote:
At the time where I wrote GBDE, the best that was offered was CGD (and
similar) and users (not cryptographers!) didn't trust it
Could you back up this
On Thu, Mar 03, 2005 at 09:41:53PM +0100, Poul-Henning Kamp wrote:
In message [EMAIL PROTECTED], Thor Lancelot Simon writes:
On Thu, Mar 03, 2005 at 08:25:18PM +0100, Poul-Henning Kamp wrote:
To quote David Hume, Never an ought from an is.
I'm Danish by birth so english is only my second
This looks like a linux thing to me...
http://en.wikipedia.org/wiki/NPTL
If its a spec, i'd like to know how.
On Thu, 3 Mar 2005, Julian Elischer wrote:
Kamal R. Prasad wrote:
--- Julian Elischer [EMAIL PROTECTED] wrote:
Kamal R. Prasad wrote:
--- Lucas Holt [EMAIL PROTECTED] wrote:
Wouldn't
On Thu, 3 Mar 2005, Poul-Henning Kamp wrote:
And if CGD is _so_ officially approved as you say, then I can not
for the life of me understand how it can use the same key to generate
the IV and perform the encryption. At the very least two different
keys should have been used at the expense of
On Thu, Mar 03, 2005 at 10:15:55PM +0100, Poul-Henning Kamp wrote:
And if CGD is _so_ officially approved as you say, then I can not
for the life of me understand how it can use the same key to generate
the IV and perform the encryption. At the very least two different
keys should have been
On Thu, Mar 03, 2005 at 10:45:34PM +0100, Poul-Henning Kamp wrote:
Since the attacker know the block number the IV generation doesn't
add strength.
In fact expose any weakness in the algorithm even more because it
offers two-way leverage on the algorithm.
It also adds a very efficient
On Wed, Mar 02, 2005 at 05:55:50PM -0800, ALeine wrote:
He designed GBDE to always be harder than and never easier
to break than the cryptographic algorithms it relies on.
Some very well-intentioned (and plenty smart) people at MIT
designed the PCBC cipher mode to always be harder than and
I'm not going to defend what Thor said, nor do I even think it's worth
discussing as it largely amounts to an appeal to privileged knowledge.
However, this is some extremely sloppy thinking in your writing. To wit:
On Thursday 03 March 2005 02:43, ALeine wrote:
At any time half of all the
Poul-Henning Kamp [EMAIL PROTECTED] writes:
I have a better idea: Why don't we get the cryptographers to
show up at computer science conferences ?
They do. Perhaps you might want to listen to them.
I remember a certain talk at BSDCon where someone criticized the
design of the kernel RNG
Poul-Henning Kamp [EMAIL PROTECTED] writes:
I think we've already established that this fear, though
understandable, is not a reasonable one under the circumstances. See
several postings already made. You are better off just using AES with
a longer key than the GBDE mechanism.
I'm sorry, I
ALeine [EMAIL PROTECTED] writes:
[EMAIL PROTECTED] wrote:
You are mistaking people who design cryptographic algorithms
and those who design cryptographic systems which integrate those
algorithms into functional systems.
No, I am not. PHK invented new cryptographic modes for his work.
Roland Dowdeswell [EMAIL PROTECTED] writes:
I realise that PHK has been claiming that you might get false
positives, and that you somehow have to maintain a matrix of past
this and that. It is a lot simpler than this really.
Of course, given that the unicity distance is much less than the
On Fri, Mar 04, 2005 at 12:42:33AM +0100, Poul-Henning Kamp wrote:
The fact that you just need to break one single sector in CGD before
you get the entire disk contents gives a disadvantage to CGD of
2^26 before we even consider the nature of the attack. That is not
conservative when it could
Thor Lancelot Simon [EMAIL PROTECTED] writes:
I think there's a misunderstanding here. Why do you think secrecy
(unpredictability?) is an important property of an IV for a block
cipher used in CBC mode? It's not an encryption key, it's an IV.
Indeed. The IV can (subject to some constraints)
Thor Lancelot Simon [EMAIL PROTECTED] writes:
On Wed, Mar 02, 2005 at 05:55:50PM -0800, ALeine wrote:
He designed GBDE to always be harder than and never easier
to break than the cryptographic algorithms it relies on.
Some very well-intentioned (and plenty smart) people at MIT
designed
Poul-Henning Kamp [EMAIL PROTECTED] writes:
If the component (well respected etc etc) algorithms I have used
in GBDE contains flaws so that they become individually less
intrinsicly safe because their input is the output of another such
algorithm, then the crypto-world has problems they need
Poul-Henning Kamp [EMAIL PROTECTED] writes:
You don't actually know if I invented my own cryptographic modes
or not, do you ?
You did.
I did ? Cool, I should patent them! :-)
I would encourage it. It will keep others from wanting to use them.
Sorry, they have only been disproved in a
Poul-Henning Kamp [EMAIL PROTECTED] writes:
In message [EMAIL PROTECTED], Perry E. Metzger writes:
MD5 was believed to be heavily understood in literature. It was
well established. Look at what happened to it.
Yup. And Roland made the algorithm you use for encrypting your disk
*pluggable*.
In message [EMAIL PROTECTED], Poul-Henning Kamp writes:
I have studied the AES papers and in particular the attacks and
critisisms of it very carefully, and they have proven a whole lot
of things to be impossible, but they have not proven that there
are not more that needs to be proven
In message [EMAIL PROTECTED], Thor Lancelot Simon writes:
On Thu, Mar 03, 2005 at 10:15:55PM +0100, Poul-Henning Kamp wrote:
And if CGD is _so_ officially approved as you say, then I can not
for the life of me understand how it can use the same key to generate
the IV and perform the
Poul-Henning Kamp [EMAIL PROTECTED] writes:
In message [EMAIL PROTECTED], Perry E. Metzger writes:
My strong suggestion for you is that you adopt a similar approach --
build a good framework that, given good algorithms, will provide
security, and make it easy for users to change over if an
Poul-Henning Kamp wrote:
I am being a bit unfair here because I am lumping CGD in with the
equally defficient code in Linux (Loop-AES etc). It was mostly the
linux code I talked to people about, but CGD makes the same exact
mistake.
Loop-AES for Linux has improved a lot since v1.X versions.
Hi folks.
I wander how O(1) sheduling works in ULE.
In ule.pdf Jeff wrote:
Threads are picked from the current queue in
priority order until the current queue is empty.
As far as I understand the algorithm is O(n)
where n - number of READY TO RUN processes,
not all processes isn't it?
thanks,
On Fri, Mar 04, 2005 at 11:07:34AM -0500, Aziz KEZZOU wrote:
Hi all,
I am wondering if any one knows about a generic parser which takes a
packet (mbuf) of a certain protocol (e.g RSVP ) as input and generates
some data structre representing the packet ?
I've been searching for a while and
Any chance some part of this discussion can be taken off-line?
Or to freebsd-sec?
-Dan
___
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to [EMAIL PROTECTED]
would people mind not bcc'ing freebsd-hackers? I've been deleting this
thread from my inbox for a couple of days because it's not filtered into
my bsd folders :)
On Thu, 2005-03-03 at 15:52 -0500, Perry E. Metzger wrote:
Poul-Henning Kamp [EMAIL PROTECTED] writes:
In message [EMAIL
All,
Thanks to the help of Max Laier and Tom Rhodes, the FreeBSD status
reports are alive and will be much more regular. However, in the
interest of not over-burdening the developers who submit reports,
we've decided to switch from a bi-monthly cycle to a quarterly cycle.
So, we will not be
At Fri, 4 Mar 2005 11:07:34 -0500,
Aziz KEZZOU wrote:
Hi all,
I am wondering if any one knows about a generic parser which takes a
packet (mbuf) of a certain protocol (e.g RSVP ) as input and generates
some data structre representing the packet ?
I've been searching for a while and found
[CC list pruned]
On Wed, 2005-Mar-02 13:15:49 -0800, ALeine wrote:
If only hardware manufacturers were to equip hard drives with
a mechanism to ensure atomic writes. A capacitor large enough
to hold enough energy to flush the cache upon detecting the
power supply was cut would be sufficient.
I'm
On Sat, Mar 05, 2005 at 05:37:47AM +1100, Peter Jeremy wrote:
[CC list pruned]
On Wed, 2005-Mar-02 13:15:49 -0800, ALeine wrote:
If only hardware manufacturers were to equip hard drives with
a mechanism to ensure atomic writes. A capacitor large enough
to hold enough energy to flush the
Aziz KEZZOU wrote:
Hi all,
I am wondering if any one knows about a generic parser which takes a
packet (mbuf) of a certain protocol (e.g RSVP ) as input and generates
some data structre representing the packet ?
you might look at DPF
(a packet filter/classifier)..
it has an interesting filter
On Fri, Mar 04, 2005 at 11:07:34AM -0500, Aziz KEZZOU wrote:
Hi all,
I am wondering if any one knows about a generic parser which takes a
packet (mbuf) of a certain protocol (e.g RSVP ) as input and generates
some data structre representing the packet ?
I've been searching for a while and
Here is an odd situation.
If I start quagga ospfd after creating gre, tun, or gif devices, ospfd
recognises them as point-to-point interfaces and everything works.
However, if I start quagga and then create interfaces afterwards, the
interfaces are not recognised as point-to-point interfaces and
On Thu, 3 Mar 2005 22:25:37 -1000, William Bierman [EMAIL PROTECTED] wrote:
Hello. I have been endeavoring to create my own livecd which will
mount a remote share from which to run scripts installing a ghost
image onto a local hard drive. I realize this may be more trouble
than it's worth,
On Sat, 5 Mar 2005, Peter Jeremy wrote:
[CC list pruned]
On Wed, 2005-Mar-02 13:15:49 -0800, ALeine wrote:
If only hardware manufacturers were to equip hard drives with
a mechanism to ensure atomic writes. A capacitor large enough
to hold enough energy to flush the cache upon detecting the
power
[EMAIL PROTECTED] wrote:
I'm not going to defend what Thor said, nor do I even think it's
worth discussing as it largely amounts to an appeal to privileged
knowledge.
However, this is some extremely sloppy thinking in your writing.
You do not understand what was said.
To wit:
On
I haven't seen this forwarded to the FreeBSD list, so I thought I'd
take the liberty of forwarding it here.
Warner
---BeginMessage---
CALL FOR CONTRIBUTIONS
Libre Software Meeting 2005
---
Operating system design and implementation
The Libre Software Meeting
[EMAIL PROTECTED] wrote:
I have no doubt that was the intent. The question is, did he
achieve it?
You seem to be making claims to the contrary, but at the same
time you do not even know some basic facts about GBDE. Have
you really read even the gbde(8) man page? If so, how come you
missed
[EMAIL PROTECTED] wrote:
It is a serial attack that is:
for (i=0; i n; i++) {
crack the i'th key--key block;
}
So it is actually where $n$ is the number of key--key sectors:
[ ASCII art removed and sent to the museum of modern arts :- ]
So, for a
[EMAIL PROTECTED] wrote:
Your disk has 2^128 sectors? Where can I buy one of those?
In the same movie I referenced in the post you took that from. :-
Either there or in the dream I referenced a bit later. :-
ALeine
___
WebMail
On Fri, 2005-Mar-04 16:37:05 -0600, Jason Young wrote:
Why not put a flash chip into the drive's onboard electronics, of the same
size as the drive's cache, or the max possible size of all outstanding
cached writes?
That seems to be a better idea. ISTR that once upon a time, vendors made
chips
Greetings,
I posted this question on freebsd-question list yesterday, but no replies.
So I am just trying my luck here. Thanks in advance.
I've installed the standard FreeBSD 4.11-RELEASE and have realized that the
sysctl option for enabling SACK in TCP is not available (net.inet.tcp.do_sack).
[EMAIL PROTECTED] wrote:
The principle of bivalence merely states that every proposition
is either true or false. Tertium non datur is the law of the
excluded middle, which is not the same.
Furthermore, neither one says anything about half
the population falling on one side or the other;
Thor Lancelot Simon wrote this message on Thu, Mar 03, 2005 at 16:01 -0500:
[.. ] (that cgd, though
it had existed for precisely two days when you checked GBDE into the
Just because I am tired of incorrect information (repeated) when it is
freely available on the respective websites:
CGD:
I haven't looked at it, but could it just be referring to retrieving a
thread from the queue. Just pulling something off a queue is a O(1)
operation. The order it places things in the queue probably is not. :)
On Mar 4, 2005, at 11:15 AM, Andriy Tkachuk wrote:
Hi folks.
I wander how O(1)
Kan Cai wrote:
Greetings,
I posted this question on freebsd-question list yesterday, but no
replies. So I am just trying my luck here. Thanks in advance.
I've installed the standard FreeBSD 4.11-RELEASE and have realized
that the sysctl option for enabling SACK in TCP is not available
Hello, all,
I have a Q on filedesc.h:
i am wondering whether the order of the field in struct
_filedesc_ (in sys/filedesc.h) matters?
I added a field to _filedesc_ struct in filedesc.h. It is a dynamically
allocated list, just as fd_ofiles, or fd_ofilefalgs.
I put my new added list right
I haven't looked at it, but could it just be referring to retrieving a
thread from the queue. Just pulling something off a queue is a O(1)
operation. The order it places things in the queue probably is not. :)
You rihgt - just pulling something off a queue is a O(1) operation,
but before
69 matches
Mail list logo