On Wed, Nov 17, 2010 at 01:58:06PM -0800, Bill Sommerfeld wrote:
> On 11/17/10 12:04, Miles Nordin wrote:
> >black-box crypto is snake oil at any level, IMNSHO.
> 
> Absolutely.

As Darren said, much of the design has been discussed in public, and
reviewed by cryptographers.  It'd be nicer if we had a detailed paper
though.

> >Congrats again on finishing your project, but every other disk
> >encryption framework I've seen taken remotely seriously has a detailed
> >paper describing the algorithm, not just a list of features and a
> >configuration guide.  It should be a requirement for anything treated
> >as more than a toy.  I might have missed yours, or maybe it's coming
> >soon.
> 
> In particular, the mechanism by which dedup-friendly block IV's are
> chosen based on the plaintext needs public scrutiny.  Knowing
> Darren, it's very likely that he got it right, but in crypto, all
> the details matter and if a spec detailed enough to allow for
> interoperability isn't available, it's safest to assume that some of
> the details are wrong.

Dedup + crypto does have security implications.  Specifically: it
facilitates "traffic" analysis, and then known- and even
chosen-plaintext attacks (if there were any practical such attacks on
the cipher).

For example, IIUC, the ratio of dedup vs. non-dedup blocks + analysis
of dnodes and their data sizes (in blocks) + per-dnode dedup ratios can
probably be used to identify OS images, which would then help mount
known-plaintext attacks.  For a mailstore you'd be able to distinguish
mail sent or kept by a single local user vs. mail sent to and kept by
more than one local user, and by sending mail you could help mount
chosen-plaintext attacks.  And so on.

My advice would be to not bother encrypting OS images, and if you
encrypt only documents, then dedup is likely of less or no interest to
you -- in general, you may not want to bother with dedup + crypto.
However, it is fantastic that crypto and dedup can work together.

Nico
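
The equality leak discussed in this message, as an added example that is not part of the original post and not ZFS code. It assumes a dedup-friendly IV is a keyed hash of the plaintext block (the thread gives no spec), uses an HMAC-based stand-in cipher, and all function names are hypothetical.

```python
import hashlib, hmac, os

BLOCK = 512  # constructed block size for the demo

def _keystream(key, iv, n):
    # Stand-in stream cipher (HMAC-SHA256 in counter mode), not the cipher ZFS uses.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, iv + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def encrypt_block(enc_key, iv_key, block, dedup_friendly):
    # Assumption: a dedup-friendly IV is a keyed hash of the plaintext block.
    if dedup_friendly:
        iv = hmac.new(iv_key, block, hashlib.sha256).digest()[:12]
    else:
        iv = os.urandom(12)  # conventional per-write random IV
    ks = _keystream(enc_key, iv, len(block))
    return iv + bytes(p ^ k for p, k in zip(block, ks))

def encrypt_dataset(blocks, dedup_friendly):
    # Fresh keys per call: the analysis functions below never see them.
    enc_key, iv_key = os.urandom(32), os.urandom(32)
    return [encrypt_block(enc_key, iv_key, b, dedup_friendly) for b in blocks]

def equality_pattern(stored):
    # For each stored block, the index of its first identical occurrence.
    first = {}
    return [first.setdefault(c, i) for i, c in enumerate(stored)]

def dedup_ratio(stored):
    # Fraction of blocks a dedup table would collapse, computed from ciphertext only.
    return 1 - len(set(stored)) / len(stored)

# Constructed sample: six blocks of a file with repeated content (A B A C A B).
A, B, C = (bytes([v]) * BLOCK for v in (0x41, 0x42, 0x43))
SAMPLE = [A, B, A, C, A, B]

if __name__ == "__main__":
    for mode in (True, False):
        stored = encrypt_dataset(SAMPLE, mode)
        print(mode, equality_pattern(stored), dedup_ratio(stored))
```

Datasets encrypted under unrelated keys show the same equality pattern in dedup-friendly mode, which is the structure the message says can be analyzed; random IVs erase it, and with it the dedup savings.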