GBDE, standing forGEOM Based Disk Encryption, is ablock device-layerdisk encryption system written forFreeBSD,[1][2] initially introduced in version 5.0. It is based on theGEOM disk framework. GBDE was designed and implemented byPoul-Henning Kamp and Network Associates Inc. (now known asMcAfee).[3]
Unlike most disk encryption software, GBDE does not attempt to defeatwatermarking attacks through the use of disk encryption-specific modes of operation (seedisk encryption theory), but instead generates a randomkey each time asector is written.[4] Unlike some alternatives, such as CBC with sector-specificinitialization vectors, this approach does not reveal any information to the attacker even if they have access to snapshots of the disk image from different points in time, since encryption keys are never re-used.
The one time sector key is encrypted using a pseudorandom key. This pseudorandom key is derived from the sector number and a static 2048-bit master key with 128 bits ofsalt. Thepseudorandom number generator used for this purpose is called the Cherry Picker. This is not a well established PRNG, but rather one invented for GBDE. This generator may not meet the security levels of standard algorithms, and could be distinguishable from random numbers.[5]
Due to this unique approach, GBDE only supports 128-bitAES. Using a different key for each write also introduces a significant CPU overhead, as mostblock ciphers use key-specific precomputations, and makes disk updates non-atomic since the keys are written separately from the data.[5][6][7] As a result, data loss can occur on unexpected power drops, even when used withjournaling file systems. GBDE also has a disk spaceoverhead of about 3% to store the per-sector keys.
To address these shortcomings, a more typical disk encryption solution for FreeBSD,GELI, was written later by Pawel Jakub Dawidek.
 | This cryptography-related article is astub. You can help Wikipedia byadding missing information. |
