We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 14
2008 A. G. Basile. Creative Commons Attribution-Share Alike 3.0 License.
Random versus Encrypted Data
Introduction What oes it mean !or in!ormation to be leake" What is in!ormation an#$a#s" %! $e come across some ata& can $e tell i! it contains in!ormation or not" %s it even meanin'!ul to talk about ata $hich carries (ero in!ormation" )hese are im*ortant +uestions $hen it comes to encr#*tin' !ile s#stems& because& as % $ill sho$ belo$& there are small amounts o! in!ormation leake even in our best encr#*te s#stem. %! $e start b# e!inin' in!ormation as ata containin' a messa'e then the o**osite o! in!ormation& or (ero in!ormation& is ranom ata& ie& ata $hich ma# con!orm to some s*ectral *arameters but oes not e,hibit an# correlation bet$een ata elements. %n orer !or ata to carr# a messa'e& elements in the se+uence must be correlate in some $a#. -or e,am*le& .c. !ollo$e b# .a. !ollo$e b# .t. conve#s the messa'e .cat. --- the orer is im*ortant as is the *ro,imit# o! the characters& an $ithin the canon o! the /n'lish lan'ua'e& this messa'e elicits the ima'e o! a !u((# creature $hich *urrs. )his correlation& e,tene over the ata se+uence& 'ives the messa'e. Since .ranom. b# e!inition means that there are no correlation& there can be no messa'e. )he ieal then in encr#*tion $oul be to create a s#stem that cannot be istin'uishe b# an# means an uner an# circumstances !rom ranom ata. %0m not sure this is even *ossible& but % can sho$ $a#s in $hich $e !all short o! the ieal. )o illustrate these *oints& consier the !ollo$in' t$o strin's o! ranom he, i'its1 b228344545b!b20!8be2c05526a!44 02b!24c2c786b3082808662!ee800 Which stin' contains ranom ata an $hich contains encr#*te ata" )his is a trick +uestion because the truth is& neither oes. )he !irst strin' $as 'enerate usin' echo .8i 9om. : aes*i*e : ,, -*s $ith *ass$or .as!;kl+$eruio*(,cvnm. $hile the secon $as 'enerate usin' i!<=ev=uranom count<25 bs<2 : ,, -*s $hich is a se+uence calculate b# the kernel0s non-blockin' *seuo-ranom number 'enerator >?@AGB. ?@AG0s are similar to encr#*tion al'orithms in that the# use mathematical !ormulas to 'enerate subse+uent elements o! the se+uence. )he# con!orm to certain s*ectral re+uirements >e' heas or tails are e+uall# *robabl#B an eneavor to is'uise correlation& an so the# act as ecent a**ro,imations to ranom number se+uences. A better $a# to 'enerate ranom numbers is to use ranom *h#sical events& like rollin' ice or $eather !luctuations. )he kernel *rovies =ev=ranom that 'athers it entro*# >ie ranomnessB !rom the har$areC ho$ever& since this re+uires s#stem activit# to accumulate be!ore it can eliver those ranom numbers& it blocks. )r# usin' i!<=ev=ranom instea o! =ev=uranom in the e,am*les belo$ an #ou0ll see ho$ anno#in' the $ait can beD %0ll use uranom throu'hout& but to make these true tests& $e shoul use ranom. A !e$ more *oints to note be!ore movin' one1 2B %t shoul not matter $hether the attacker kno$s $hat c#*her $as use in encr#*tin' the messa'e --- in the above case % use 228-bit A/S. )he messa'e is sa!e unless he also kno$s the secret *ass$or. A cracke ci*her is one in $hich the attacker can obtain the clear messa'e $ithout the secret in a reasonable about o! time. 9athematicall#& ecr#*tion < -> encr#*te messa'e& ci*her& secret B runs in a reasonable amount o! c*u time an 'ives 'arba'e unless the ri'ht secret is su**lie. %n our e,am*le& echo -n .b228344545b!b20!8be2c05526a!44. : ,, -r -*s : aes*i*e - returns .8i 9om. onl# $hen $e su**l# the ri'ht secret. %t uses onl# !ractions o! a secon o! c*u time an *re*enin' .time. to the above comman 'ives1 real 0m3.062s user 0m0.000s s#s 0m0.028s %n contrast& a !unction like this ecr#*tion < G> encr#*te messa'e& ci*her B $hich runs in a reasonable amount o! c*u time oes not e,ist !or a 'oo ci*her. %! it i an $ere !oun& then $e $oul sa# that the ci*her is cracke. Since the ke# si(e is 228-bits& this means there are 2E228 < 3.6,20E38 *ossible ke#s to tr# an one an onl# one $ill ecr#*t the messa'e. Since each attem*t takes about 0.03s this means a brute !orce attack $oul take about 20E33s < about 20E27 li!etimes o! the kno$n universe. )o cover this ke# s*ace& aes*i*e insists on a *ass$or o! 20 chars lon' or more. %ncluin' u**er=lo$er=numbers=s*ecial chars& this means 76 *ossibilities !or each char an 76E20 < 2.7,20E37. %ts u* to the user no$ to choose ranoml# $ithin this *ass$or s*aces --- 'oo luckD Since humans *re!er eas# to remember *ass$ors to har& the actual istribution o! chosen *ass$ors is not uni!orm an so brute !orce attacks& like Fohn the @i**er.& *rocee b# tr#in' more *robable *ass$ors be!ore less *robabl# ones& leain' to a ictionar# attack. 2B Since kno$in' the ci*her shoul not 'ive the attacker an# avanta'e& some im*lementations& like the luks e,tension to m-cr#*t announce it in a heaer. 8ere0s an e,am*le obtaine usin' the !ollo$in' commans1 i!<=ev=uranom o!<mcr#*t-luks-A.bm* count<2 bs<29 losetu* =ev=loo*0 mcr#*t-luks-A.bm* cr#*tsetu* luks-ormat =ev=loo*0 he,um* -C =ev=loo*0 : more 00000000 4c 55 4b 53 ba be 00 01 61 65 73 00 00 00 00 00 |LUKS....aes.....| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 00000020 00 00 00 00 00 00 00 00 63 62 63 2d 65 73 73 69 |........cbc-essi| 00000030 76 3a 73 68 61 32 35 36 00 00 00 00 00 00 00 00 |v:sha256........| 00000040 00 00 00 00 00 00 00 00 73 68 61 31 00 00 00 00 |........sha1....| 00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 00000060 00 00 00 00 00 00 00 00 00 00 04 08 00 00 00 10 |................| 00000070 ca 4e ae 89 ce d0 83 9e 6b aa 2d 74 8d ae 9d 56 |.N......k.-t...| 00000080 2e !1 63 81 69 18 a9 99 b5 c! 33 47 0e 03 !3 bd |..c.i.....3"....| 00000090 a0 b8 15 65 85 2e 6e !3 22 a1 7a 2e 2d a4 !6 50 |...e..#.$.%.-..&| 000000a0 73 69 07 !! 00 00 00 0a 39 62 37 62 62 33 64 32 |si......9b7bb3d2| 000000b0 2d 37 62 31 63 2d 34 66 63 39 2d 39 32 33 36 2d |-7b1c-4!c9-9236-| 000000c0 39 36 61 61 64 31 36 64 62 36 35 65 00 00 00 00 |96aad16db65e....| 000000d0 00 ac 71 !3 00 04 18 31 ee c0 18 69 ed 2b d9 5d |..'....1...i.(.)| 000000e0 6e 55 b0 53 66 8d a1 13 e9 75 a9 80 !d 0e bb 38 |#U.S!....*.....8| 000000!0 6c c5 4b 40 b9 c7 ee 2d 00 00 00 08 00 00 0! a0 |+.K,...-........| )he he,um* is *rett# clear& but to make it even easier cr#*tsetu* *rovies a utilit# $hich $ill *resent this in!ormation in a human reaable !orm. )he !ollo$in' cr#*tsetu* luksGum* =ev=loo*0 #iels LHIS heaer in!ormation !or =ev=loo*0 Jersion1 2 Ci*her name1 aes Ci*her moe1 cbc-essiv1sha245 8ash s*ec1 sha2 ?a#loa o!!set1 2032 9I bits1 228 9I i'est1 ca 6e ae 87 ce 0 83 7e 5b aa 2 36 8 ae 7 45 2e !2 53 82 9I salt1 57 28 a7 77 b4 c! 33 63 0e 03 !3 b a0 b8 24 54 84 2e 5e !3 22 a2 3a 2e 2 a6 !5 40 33 57 03 !! 9I iterations1 20 HH%G1 7b3bb32-3b2c-6!c7-7235-75aa25b54e Ie# Slot 01 /AABL/G %terations1 258333 Salt1 ee c0 28 57 e 2b 7 4 5e 44 b0 43 55 8 a2 23 e7 34 a7 80 ! 0e bb 38 5c c4 6b 60 b7 c3 ee 2 Ie# material o!!set1 8 A- stri*es1 6000 Ie# Slot 21 G%SABL/G Ie# Slot 21 G%SABL/G Ie# Slot 31 G%SABL/G Ie# Slot 61 G%SABL/G Ie# Slot 41 G%SABL/G Ie# Slot 51 G%SABL/G Ie# Slot 31 G%SABL/G While none o! this in!ormation hel*s the attacker to ecoe the encr#*te ata $hich !ollo$s the heaer& it oes 'ive a$a# some in!ormation. %t sa#s .$hat !ollo$s is encr#*te ata& it is encoe usin' 228-bit A/S& the moe in $hich this encr#*tion is use is ci*her block-chainin' $ith initiali(ation vector calculate usin' sha245 .... )his is harmless enou'h e,ce*t that it iminishes plausible deniability meanin' that i! the attacker is able to coerce the victim into 'ivin' over the ke#& the victim has a more i!!icult time en#in' that there is an# ke# to be 'iven over an $hat the attacker is lookin' at is ;ust ranom ata. Some encr#*tion im*lementations& like truecr#*t& a**roach *lausible eniabilit# b# creatin' a .hien. volume. %n this a**roach& there are t$o *ass$ors& one $hich unlocks the true hien volume an another $hich unlocks a !ake volume. When coerce& the victim can 'ive the ke# to unlock the !ake volume $hile remainin' silent about the true volume. %! $e take the ieal o! .(ero in!ormation loss. then an# luks-t#*e heaer $hich iscloses the metaata o! the encr#*te ata com*romises *lausible eniabilit#. %n this case& im*lementations like m-cr#*t $ithout luks e,tensions or loo*-aes are *re!erre. 8o$ever& in cases $here *lausible eniabilit# is not an issue& then a luks-t#*e heaer has avanta'es& e'. the hal=bus s#stem in Gnome reco'ni(es the luks heaer an initiates a ialo' $here the user can enter the *ass$or an obtain the ecr#*te volume as an icon on the eskto* $hen he *lu's in an encr#*te *en rive. %! all the *otential victim is tr#in' to *rotect a'ainst is the!t& then eniabilit# is not an issue. But i! it comes to a re*ressive re'ime tr#in' to commit human ri'ht abuses& then *lausible eniabilit# an (ero in!ormation take on a ne$ imension. Cryptanalysis with bitmaps Let0s return to the ori'inal +uestion arme $ith the above kno$le'e. %s it *ossible to reco'ni(e the i!!erence bet$een >*seuoB ranom ata an encr#*te ata even in the absence o! an# metaata" %0ll emonstrate belo$ that in some circumstances the ans$er is #es. )o make m# *oints as obvious as *ossible& %0ll use bitma* ima'es to emonstrate $hat0s 'oin' on. Let0s start $ith our re!erence s#stems A B A - B Fig 1 )hese ima'es $ere create usin' )he Gim* as 200,200 26-bit bm* ima'es. >% ha to rener them as ;*' to *ut on the $eb *a'e& but that $as the ver# last ste*. )he ori'inal bitma*s can be obtaine here.B )he B.bm* !ile re*resents *ure $hite& an its bo# is mae u* o! all he, values --. A.bm* is also mostl# --0s e,ce*t !or the black A $hich are 000s. )here are also some transitional values at the boarer bet$een the black A an an $hite back'roun. )he ima'e A-B.bm* $as create b# co*#in' all o! B.bm* to the cli*boar& an *astin' it into A as a ne$ la#er. )he t$o la#ers $ere then .i!!erence. usin' the la#er *anel >#ou can brin' it u* usin' Wino$s <K Gockable Gialo's <K La#ersB. 8ere are our re!erence ranom ata ima'es1 @anom 2 @anom 2 @anom 2 - @anom 2 Fig 2 )hese ima'es $ere create usin' the !ollo$in'1 i!<=ev=uranom o!<ranom.bm* count<220046 bs<2 i!<A.bm* o!<ranom.bm* count<46 bs<2 conv<notrunc )he !irst line creates a ranom !ile the si(e o! A.bm* an the secon line as the 46 b#te bm* heaer. %t is ientical !or all our bitma*s o! the same si(e so $e can ;ust li!t it !rom A.bm*. % ae this heaer !or all o! the encr#*te or ranom !iles belo$ as a !inal ste* to rener the !ile as a vie$able bitma*. %0ll use this *oor man0s cr#*tanal#sis to look at some im*lementations o! encr#*tion. %0ll start $ith *oor im*lementations an $ork to$ars our best *ractices. Hsin' bitma*s is not ri'orous& but its a nice techni+ue to illustrate $hat $e0re lookin' !or. At the time o! this $ritin'& %0m coin' u* a suite o! test base o!! o! Inuth0s $ork on ranom number. Sta# tuneD Why embed encrypted data within random data and why using cipher block chaining Almost all so!t$are $hich installs encr#*te s#stems $ill la# o$n ranom ata on the evice !irst an e!ault to some stron' ci*her >e' 228-bit aesB im*lemente $ith ci*her block chainin'. Let0s use our bitma* cr#*tanal#sis to see $hat ha**ens i! #ou on0t. -irst let0s *ut A.bm* $ithin an unencr#*te e,t2 !ile s#stem !or re!erence --- $here o the blocks o! A.bm* 'et *ut insie a !iles#stem" % *rouce this ima'e as !ollo$s1 i!<=ev=(ero o!<e,t2-A.bm* count<680046 bs<2 losetu* =ev=loo*0 e,t2-A.bm* mke2!s =ev=loo*0 mount =ev=loo*0 (((= c* A.bm* (((= umount (((= losetu* - =ev=loo*0 i!<A600.bm* o!<e,t2-A.bm* count<46 bs<2 conv<notrunc Aote that A600.bm* is a 600,600 26-bit bm* $hich is 680046 b#tes in si(e. )he lar'er si(e accommoates a lar'er !ile !or the e,t2 !iles#stem so that one can co*# A.bm* into it $ithout runnin' out o! evice s*ace. %t is also commensurate $ith the 200,200 bm* so that the A oesn0t 'et $ra**e unreco'ni(eabl# $hen the !ile s#stem is renere as a bm* ima'e. Let0s similarl# *ut A.bm* into a *oorl# encr#*te e,t2 !ile s#stem. 8ere $e make t$o mistakes1 2B $e o not !irst !ill u* the !ile s#stem $ith >*seuoB ranom ata be!ore encr#*tin' an !ormattin'& an seconl# $e on0t use an# ci*her block chainin'. )his ima'e $as *rouce as !ollo$s i!<=ev=(ero o!<e,t2-enc2-A.bm* count<680046 bs<2 losetu* =ev=loo*0 e,t2-enc2-A.bm* cr#*tsetu* -c aes-ecb create e,t2-enc2-A.bm* =ev=loo*0 mke2!s =ev=ma**er=e,t2-enc2-A.bm* mount =ev=ma**er=e,t2-enc2-A.bm* (((= c* A.bm* (((= umount (((= msetu* remove e,t2-enc2-A.bm* losetu* - =ev=loo*0 i!<A600.bm* o!<e,t2-enc2-A.bm* count<46 bs<2 conv<notrunc Since *ulls its ata out o! =ev=(ero& the !ile s#stem stats $ith a base o! all (eros belo$ the encr#*tion la#er. Also& cr#*tsetu* -c aes-ecb sets u* a m-cr#*t la#er $ithout an# chainin'& ie& each block is encr#*te ine*enentl# o! an# other block& so a clear block o! all 00s is al$a#s encr#*te into the same encr#*te block. )he *attern o! the !ile $ithin the !ile s#stem clearl# emer'es. -inall#& let0s re*eat the above& but this time $e0ll correct one o! our mistakes. We0ll la# o$n ranom ata uner the encr#*tion la#er& but $e0ll still use aes-ecb. Clear e,t2 aes-ecb on Lero back'roun aes-ecb on @anom back'roun Fig %ts clear $hat0s ha**enin' here. )he since each block is encr#*te ine*enentl# o! others& the unerl#in' structure comes throu'h. We are no $here near the ieal o! (ero in!ormation. Dm!crypt"s de#ault aes!cbc!essiv$sha2%& with random #iller La#in' o$n a ranom back'roun an chainin' is clearl# im*ortant. )here are several techni+ues o! chainin'& but the unerl#in' iea is similar. %n CBC moe& the most *o*ular !orm o! chainin'& a block is MN@e $ith the *revious encr#*te block be!ore it itsel! is encr#*te& thus creatin' a .chain.. An initiali(ation vector is use !or the ver# !irst block. Since blocks are not encr#*te ine*enentl# o! other blocks& a block o! sa# all 00s $ill not al$a#s be encr#*te in the same $a#& an the structure o! the unerl#in' clear !ile s#stem oesn0t emer'e as obviousl# as in ecb. Let0s re*eat the *revious e,*eriment& but this time& $e0ll use aes-cbc-essiv1sha245. We0ll still use all (eros an ranom ata !or the unencr#*te back'roun !or com*arison. 8ere0s $hat one 'ets1 Clear e,t2 aes-cbc-essiv1sha245 on Lero back'roun aes-cbc-essiv1sha245 on @anom back'roun Fig ' )he im*ortance o! a ranom back'roun is a**arent in this e,am*le. )he chainin' certainl# obscure the structure o! the unerl#in' !ile s#stem& but the outline o! lar'e re'ions o! em*t# s*ace are still iscernible. When these em*t# re'ions are !ille $ith ranom ata& it becomes nearl# im*ossible to tell $hat0s encr#*te an $hat is ranom. %n !act& the 228-bit aes-cbc-essiv1sha245 *asses all the stanar tests !or ranom number on both a local an 'lobal scale --- this is the sub;ect o! another $riteu* that %0ll *ost another time. In#ormation leak despite random #iller and chaining At this *oint the reaer ma# think he0s sa!e an arrive at .(ero in!ormation loss.& but un!ortunatel#& there is still another kin o! attack that can be launche. )his one e*ens on the attacker bein' able to $atch the encr#*te !ile s#stem at sna*shots in time. )his mi'ht ha**en& !or instance& i! the victim backs u* his ata to a har rive $hich he then stores o!! site. %! the attacker sneaks bet$een backu*s an ima'es the isks& it then become *ossible !or him to launch this kin' o! attacks. 8ere are three emonstrations o! this attack1 aB aes*i*e is able to o*erate in several moes. Nne moe is a 228-bit aes-cbc $ith a sim*le initiali(ation vector an one *ass$or. Another is multi-ke#-v3 moe& $hich also em*lo#s 228-bit aes- cbc& but uses 56 i!!erent ke#s to encr#*t the blocks --- the !irst ke# !or the !irst block& the secon !or the secon an so on in a c#clical !ashion. %t also uses a 54th ke# *lus 9G4 !or the initiali(ation vector. Still& i! an attacker has access to a !ile s#stem be!ore an a!ter the aition o! ata& evience emer'es o! the unerl#in' encr#*tion. )he !ollo$in' bitma*s $ere 'enerate to illustrate the sin'le ke# sim*le initiali(ation vector moe1 aes*i*e O A.bm* K aesA.bm* aes*i*e O B.bm* K aesB.bm* i!<A.bm* o!<aesA.bm* count<46 bs<2 conv<notrunc i!<B.bm* o!<aesB.bm* count<46 bs<2 conv<notrunc )he Gim* $as then use as escribe above to *rouce aesA-aesB.bm*. 8ere are the results1 A.bm* uner aes-cbc-*lain B.bm* uner aes-cbc-*lain aes A - aes B Fig % Nne can com*are these to bitma*s !or multi-ke#-v3. -irst $e 'enerate a !ile containin' the 54 ke#s1 hea -c 2724 =ev=uranom : uuencoe -m - : hea -n 55 : tail -n 54 : '*' --s#mmetric -a K ke#.'*' An then $e use the ke# !ile to *rouce the encr#*te bitma*s1 aes*i*e -I ke#.'*' O A.bm* K aesA-v3.bm* aes*i*e -I ke#.'*' O B.bm* K aesB-v3.bm* i!<A.bm* o!<aesA-v3.bm* count<46 bs<2 conv<notrunc i!<A.bm* o!<aesB-v3.bm* count<46 bs<2 conv<notrunc 8ere are the results1 A.bm* uner multike#-v3 aes B.bm* uner multike#-v3 aes multike#-v3 aes A - multike#-v3 aes B Fig & %ts clear that the chan'e to the !ile s#stem is better blurre but there is still some in!ormation to be 'aine about the unerl#in' unencr#*te ata. bB Let0s tr# the same test usin' 228-bit aes-cbc-essiv1sha245 on a ranom back'roun. 8ere $e0ll em*lo# luks e,tensions !or convenience& but this is not necessar#& nor oes it chan'e our conclusions1 i!<=ev=uranom o!<e,t2-enc4-A.bm* count<2080046 bs<2 losetu* =ev=loo*0 e,t2-enc4-A.bm* cr#*tsetu* luks-ormat =ev=loo*0 cr#*tsetu* luksN*en =ev=loo*0 e,t2-enc4-A.bm* mke2!s =ev=ma**er=e,t2-enc4-A.bm* mount =ev=ma**er=e,t2-enc4-A.bm* (((= c* A.bm* (((= umount (((= msetu* remove e,t2-enc4-A.bm* losetu* - =ev=loo*0 c* e,t2-enc4-A.bm* e,t2-enc4-B.bm* losetu* =ev=loo*0 e,t2-enc4-B.bm* cr#*tsetu* luksN*en =ev=loo*0 e,t2-enc4-B.bm* mount =ev=ma**er=e,t2-enc4-B.bm* (((= c* B.bm* (((=A.bm* umount (((= msetu* remove e,t2-enc4-B.bm* losetu* - =ev=loo*0 i!<A500.bm* o!<e,t2-enc4-A.bm* count<46 bs<2 conv<notrunc i!<A500.bm* o!<e,t2-enc4-B.bm* count<46 bs<2 conv<notrunc 8ere are the results1 A.bm* uner aes-cbc-essiv1245 B.bm* uner aes-cbc-essiv1245 aes-cbc1essiv245 A - aes-cbc1essiv245 B Fig ( cB )o !airl# com*are loo*-aes0s multike#-v3 $ith mcr#*t aes-cbc-essiv1sha245& $e re*eat the *revious test $ith loo*-aes. i!<=ev=uranom o!<e,t2-enc5-A.bm* count<2080046 bs<2 losetu* -e A/S228 -I ke#.'*' =ev=loo*0 e,t2-enc5-A.bm* mke2!s =ev=loo*0 mount =ev=loo*0 (((= c* A.bm* (((= umount (((= losetu* - =ev=loo*0 c* e,t2-enc5-A.bm* e,t2-enc5-B.bm* losetu* -e A/S228 -I ke#.'*' =ev=loo*0 e,t2-enc5-B.bm* mount =ev=loo*0 (((= c* B.bm* (((=A.bm* umount (((= losetu* - =ev=loo*0 i!<A500.bm* o!<e,t2-enc5-A.bm* count<46 bs<2 conv<notrunc i!<A500.bm* o!<e,t2-enc5-B.bm* count<46 bs<2 conv<notrunc 8ere are the results1 A.bm* uner multike#-v3 B.bm* uner multike#-v3 multike#-v3 A - multike#-v3 B Fig ) %! $e (oom in on the bans& $e can see that multike#-v3 loo*-aes oes a better ;ob than aes-cbc- essiv1sha245 mcr#*t an hiin' the unerl#in' ata1 Fig * +est ,ractice Ao$ that $e kno$ more about ho$ in!ormation can leak !rom an encr#*te !ile s#stem& $e can conclue $ith some avice !or best *ractices. %n aition to chosin' multike#-v3 loo*-aes& to avoi e,*osin' the unerl#in' structure o! the clear !ile s#stem& one can tr# !illin' u* the em*t# s*ace $ith >*seuoB ranom ata. )o illustrate& $e re*eate the *revious e,am*le& but a!ter co*#in' A.bm* into the !iles#stem& $e !ille u* the remainin' em*t# s*ace as !ollo$s1 c ((( i!<=ev=uranom o!<$aste When $e remount the s#stem& $e !irst clear the s*ace b# removin' .$aste.& o our $ork an then !ill it back u* a'ain $ith >*seuoB ranom ata1 c ((( rm $aste c* ..=B.bm* A.bm* i!<=ev=uranom o!<$aste )he results !ollo$1 A.bm* P ranom !iller uner multike#-v3 B.bm* P ranom !iller uner multike#-v3 multike#-v3 AP!iller - multike#- v3 BP!iller Fig 1- Some o! the unerl#in' structure is still visible& but it is clear that $e0re 'ettin' closer to the situation in -i' 2. -inall#& let0s 'o one more ste*. 8o$ about scatterin' A.bm* throu'h the blocks o! the !ile s#stem& in other $ors& !ra'mentin' it" Hsuall# one $ants to avoi !ra'mentation because it as latenc# to %N urin' har rive seeks. )his is not an issue $ith soli state evices& such as *en rives or SSG0s an so $e shoul consier $hat bene!it is 'aine in terms o! encr#*tion. -irst& let0s see $hat ha**ens to A.bm* $hen it is !ra'mente on an unencr#*te rive. We o this b# creatin' lots o! little !iles an eletin' ever# tenth one >an it bit moreB be!ore co*#in' in A.bm*1 i!<=ev=uranom o!<e,t2-!ra'.bm* count<2080046 bs<2 losetu* =ev=loo*0 e,t2-!ra'.bm* mke2!s -A 2026 =ev=loo*0 mount =ev=loo*0 ((( c ((( !or i in Q>se+ 2 2026B C o i!<=ev=(ero o!<Qi.$aste count<2 bs<2k C one rm -! R3.$aste rm -! "3".$aste c* ..=A.bm* . c .. umount ((( i!<A500.bm* o!<e,t2-!ra'.bm* count<46 bs<2 conv<notrunc 8ere is the result1 Fig 11 So let0s moi!# our techni+ue o! !illin' the em*t# s*ace $ith ranom ata b# !urther !orcin' the !ra'menation o! A.bm* an B.bm*. i!<=ev=uranom o!<aes-e,t2-!ra'-A.bm* count<2080046 bs<2 losetu* -e A/S228 -I ke#.'*' =ev=loo*0 aes-e,t2-!ra'-A.bm* mke2!s -A 2026 =ev=loo*0 mount =ev=loo*0 (((= c (((= !or i in Q>se+ 2 2026B C o i!<=ev=uranom o!<Qi.$aste count<2 bs<2k C one rm -! R6.$aste R3.$aste c* ..=A.bm* . !or i in Q>se+ 2024 2068B C o i!<=ev=uranom o!<Qi.$aste count<2 bs<2k C one c .. umount (((= losetu* - =ev=loo*0 c* aes-e,t2-!ra'-A.bm* aes-e,t2-!ra'-B.bm* losetu* -e A/S228 -I ke#.'*' =ev=loo*0 aes-e,t2-!ra'-B.bm* mount =ev=loo*0 (((= c (((= c* ..=B.bm* A.bm* rm -! R.$aste c .. umount (((= losetu* - =ev=loo*0 Hsin' our subtraction attack& here0s $hat $e !in1 A.bm* P ranom !iller P !ra'mentation uner multike#-v3 B.bm* P ranom !iller P !ra'mentation uner multike#-v3 multike#-v3 AP!illerP!ra' - multike#-v3 BP!illerP!ra' Fig 12 )he black bans >re'ions o! no chan'eB are still visible as in -i' 20& but are more scattere re!lectin' the !ra'mentation o! the unerl#in' !ile. %t is unlikel# $e can totall# eliminate these re'ions o! unchan'e ata because the# *robabl# re*resent the !ile s#stem0s metaata& ie& the i-noes an su*erblocks.
Secrets And Mysteries Now Revealed For The First Time: Handcuffs, Iron Box, Coffin, Rope Chair, Mail Bag, Tramp Chair, Glass Case, Paper Bag, Straight Jacket. A Complete Guide And Reliable Authority Upon All Magic Tricks