From Wikipedia, the free encyclopedia

GBDE, standing for GEOM Based Disk Encryption, is a block device-layer disk encryption system written for FreeBSD,[1][2] initially introduced in version 5.0. It is based on the GEOM disk framework. GBDE was designed and implemented by Poul-Henning Kamp and Network Associates Inc. (now known as McAfee).[3]

Design decisions[edit]

Unlike most disk encryption software, GBDE does not attempt to defeat watermarking attacks through the use of disk encryption-specific modes of operation (see disk encryption theory), but instead generates a random key each time a sector is written.[4] Unlike some alternatives, such as CBC with sector-specific initialization vectors, this approach does not reveal any information to the attacker even if they have access to snapshots of the disk image from different points in time, since encryption keys are never re-used.

The one time sector key is encrypted using a pseudorandom key. This pseudorandom key is derived from the sector number and a static 2048-bit master key with 128 bits of salt. The pseudorandom number generator used for this purpose is called the Cherry Picker. This is not a well established PRNG, but rather one invented for GBDE. This generator may not meet the security levels of standard algorithms, and could be distinguishable from random numbers.[5]


Due to this unique approach, GBDE only supports 128-bit AES. Using a different key for each write also introduces a significant CPU overhead, as most block ciphers use key-specific precomputations, and makes disk updates non-atomic since the keys are written separately from the data.[5][6][7] As a result, data loss can occur on unexpected power drops, even when used with journaling file systems. GBDE also has a disk space overhead of about 3% to store the per-sector keys.

To address these shortcomings, a more typical disk encryption solution for FreeBSD, GELI, was written later by Pawel Jakub Dawidek.

See also[edit]


  1. ^ Michael W. Lucas (12 April 2013). Absolute FreeBSD, 2nd Edition: The Complete Guide to FreeBSD. No Starch Press. p. 558. ISBN 978-1-59327-221-0.
  2. ^ Malone, David (2005). "Security through obscurity: a review of a few of FreeBSD's lesser known security capabilities" (PDF). ;login:. 30 (5): 27–34.
  3. ^ "gbde(4) man page in FreeBSD 5.0". GBDE manual page. Retrieved 2007-01-01.
  4. ^ Poul-Henning Kamp. "GBDE - GEOM Based Disk Encryption" (PDF). GBDE Design Document. Retrieved 2007-01-01.
  5. ^ a b Roland C. Dowdeswell (2005-03-26). "Initial Analysis of GBDE" (PDF). Retrieved 2007-01-26.
  6. ^ Brož, M. (10 September 2018). "Practical Cryptographic Data Integrity Protection with Full Disk Encryption". In Lech Jan Janczewski (ed.). ICT Systems Security and Privacy Protection. Springer. p. 92. ISBN 978-3-319-99828-2.
  7. ^ Broz, Milan; Patocka, Mikulas; Matyas, Vashek (2018-07-01). "Practical Cryptographic Data Integrity Protection with Full Disk Encryption Extended Version". arXiv:1807.00309 [cs.CR].