[nSLUG] RAID on USB flash disks
nslug at kernelpanic.ca
Sun Mar 12 20:06:59 AST 2006
On Sun, Mar 12, 2006 at 06:10:08PM -0500, Stephen Gregory wrote:
> It don't think this would be secure. I believe getting one of the
> three keys would give you half the data.
I did some tests and large chunks of data are easily read. An attacker
who retrieved one of the keys would have one third of your data.
Wikipedia has an article on securely splitting data. Read the "Trivial
secret sharing" section:
What I did to test the raid:
created 3 1MB files and attached the files to loop devices:
$ dd if=/dev/zero of=dev1 bs=1024 count=1024
# losetup -f dev1
repeat for dev1 dev2
created the raid array. --auto may be a Debianism.
# mdadm --create --level=5 --auto /dev/md0 --raid-devices 3 /dev/loop0 /dev/loop1 /dev/loop2
created a filesystem, mounted it, and filled the fs with data
# mke2fs /dev/md0
# mount /dev/md0 /mnt
$ while echo "AAAA" >> /mnt/foo; do true; done
umounted, stopped the raid array, and removed the loops
(I also waited to insure the raid was fully synced)
# umount /mnt
# mdmadm --stop /dev/md0
# loset -d /dev/loop0
repeat for loop1 loop2
then checked for the AAAA pattern
$ grep -c AAAA dev1
each AAAA match is 5 bytes. 4 chars + return (0x0a). 127578 * 5 is
623KiB. The size of the "foo" file would have been about 1900KiB.
More information about the nSLUG