On Mon, Aug 16, 2010 at 02:55:44PM +0200, octane indice wrote: > En r?ponse ? Arno Wagner <arno@xxxxxxxxxxx> : > > Well, if the attacker mirrors your network traffic with iSCSI, > > encryption does not matter anymore for any change analysis. > > > I don't know if it is the right place to ask, but do you have > any links with this "change analysis" thing ? Not really. What it does is expose on sector level (xts, EME) what parts of the filesystem are changed. The idea is that this can form a distinctice pattern, for example "Netscape is launching", "An email was received in mbox format" or "A Skype connection was initiated". In some contexts, this type of information leakage can be a risk. Typically this is only a risk in a SigInt context, were people have long ago given up reading content (because it is too much effort with encryption or even infeasible), but look at traffic patterns. For example, it seems you can pretty clearly see from the pattern whether a military attack is imminent. This is advanced IT Security vodoo and not really relevant for most users. The one context I can think of were it becomes relevant is if a specific application intentionally cause some kind of pattern to either signal it has been started or to actually leak information. For example a corrupted encryption program couls signal key-bits to the world in this fashion. Note that this is not really relevant for anything that has net access, as there bits are far easier to leak or directly send to the attacker. For most typical usage it is not a relevant threat. If you have questions, I will be happy to elaborate more. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
