Hi! Surprised by seeing streaks of zeros every 4k on my geli encrypted drive, I realized they are zero-padded sectors (i.e. the 9th sector underlying every encrypted 4K). I was wondering if it’d be a good idea to do this instead, in order to not give away sector start/end information in the case where metadata is destroyed: [freebsd .../geom/eli]$ svn diff Index: g_eli_integrity.c =================================================================== --- g_eli_integrity.c (revision 343023) +++ g_eli_integrity.c (working copy) @@ -472,7 +472,7 @@ * only partially filled. */ if (bp->bio_cmd == BIO_WRITE) - memset(data + sc->sc_alen + data_secsize, 0, + arc4random_buf(data + sc->sc_alen + data_secsize, encr_secsize - sc->sc_alen - data_secsize); } [freebsd .../geom/eli]$ Thanks! — Arjan
I'm having trouble imagining an attack that is aided by the end of sector zeroes. Do you have something specific in mind?
(In reply to Conrad Meyer from comment #1) plausible deniability of the existence of structured data on the provider. if all data on a drive is indistinguishable from random, one would be able to deny that there is data on the drive at all.
I'm having trouble seeing that as plausible or any different from partially zeroed :-). You could claim (with equal plausibility, IMO) that the alternating random / zeroes doesn't store any data; it's just silly and isn't going to be believed in the same way it won't if you make that claim with all random bytes. You're familiar with https://xkcd.com/538/ ?
(In reply to Conrad Meyer from comment #3) ok. well, regardless of opinions on what generally would actually happen when asked for a password by law enforcement, i think there is a case for making it harder to detect the presence of a geli provider so, i figured i put the idea out there. -- Arjan
Wasn't GEOM BDE designed to allow for plausible deniability, and even an attempt at defeating rubber-hose cryptography?