o Spelling, punctuation and markup fixes.

o Correctly use the "No chain is stronger than its weakest link" adage.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs

1 files changed, 31 insertions, 18 deletions

diff --git a/share/man/man4/gbde.4 b/share/man/man4/gbde.4
index b333abd362c4..e79589b27dc3 100644
--- a/share/man/man4/gbde.4
+++ b/share/man/man4/gbde.4
@@ -41,18 +41,23 @@
 .Nm gbde
 .Nd Geom Based Disk Encryption.
 .Sh SYNOPSIS
-options GEOM_BDE
+.Cd options GEOM_BDE
 .Sh DESCRIPTION
 .Pp
 The objective of this facility is to provide a high degree of
-denial of access to the contents of a "cold" storage device.
+denial of access to the contents of a
+.Dq cold
+storage device.
 .Pp
 Be aware that if the computer is compromised while up and running
-AND the storage device is actively attached and opened with a valid
+.Em and
+the storage device is actively attached and opened with a valid
 pass-phrase, this facility offers no protection or denial of access
 to the contents of the storage device.
 .Pp
-If on the other hand, the device is "cold" it should present an formidable
+If on the other hand, the device is
+.Dq cold
+it should present an formidable
 challege for an attacker to gain access to the contents in the absense of
 a valid pass-phrase.
 .Pp
@@ -60,12 +65,14 @@ Four cryptographic barriers must be passed to gain access to the data,
 and only a valid pass-phrase will allow yield this access.
 .Pp
 When the pass-phrase is entered, it is used to seed an ARC4 based
-byte oriented PNRG which is used to produce what we call the "key-material".
+byte oriented PNRG which is used to produce what we call the
+.Dq key-material .
 This is a way to producing cryptographic usable keys from a typically
 all-ASCII pass-phrase of an unpredictable user-selected length.
-.Ss First barrier: the location of the "master-lock" sector.
+.Ss First barrier: the location of the \&"master-lock" sector.
 During initialization, up to four indepenent but mutually aware
-"master-key" sectors are written to the device in randomly chosen
+.Dq master-key
+sectors are written to the device in randomly chosen
 locations.
 These master-keys contain a 2048 random bit key and a number of parameters
 of the layout geometry (more on this later).
@@ -73,9 +80,10 @@ Since the entire device will contain isotropic data, there is no way
 short of trying, to determine which sequence of bytes contain 
 the encrypted master-key.
 .Pp
-To find one of these sectors, a small piece of data called the "lockdata"
+To find one of these sectors, a small piece of data called the
+.Dq lockdata
 and the key-material must be available.
-The keymaterial decrypts the
+The key-material decrypts the
 lockdata, which contains the byte offset on the device where the
 master-key is located.
 If the lockdata is lost or unavailable but the key-material is at
@@ -97,15 +105,18 @@ locate the corresponding encrypted sectors on the device, gaining access
 to the plaintext context of other sectors is a daunting task:
 First he will have to derive from the encrypted sector and the known plain
 text the sector key(s) used.
-(At the time of writing, it is speculcated that it could maybe be possible
+(At the time of writing, it is speculated that it could maybe be possible
 to do so in only 2^80 operations which is still a staggering number).
 .Pp
 Armed with one or more sector keys, our patient attacker will then go
 through essentially the same exercise, using the sector key and the
 encrypted sector key to find the key used to encrypt the sectorkey.
 .Pp
-Armed with one or more of these "key-keys" our attacker has to derive
-as much information about the 2048 bit master-key.  To do so, he
+Armed with one or more of these
+.Dq key-keys ,
+our attacker has to derive
+as much information about the 2048 bit master-key.
+To do so, he
 first has to reverse an MD5 hash, and then the PRNG-like algorithm
 which derives the MD5 input from the master-key.
 .Pp
@@ -120,7 +131,7 @@ applied to an individual to divulge the pass-phrase.
 .Pp
 A "Blackening" feature, given a moment of opportunity, provides a way
 for the user to destroy the master-key in such a way that the pass-phrase
-will still be acknowleded as good but access to the data will still be
+will still be acknowlegded as good but access to the data will still be
 denied.
 .Ss A practical analogy
 For persons who think cryptography is only slightly more interesting than
@@ -170,7 +181,7 @@ the vault.
 The final point to make here is that it is perfectly possible to
 make a detached copy of any one of these keys, including the master
 key, and deposit or hide it as one sees fit.
-.Ss steganography support
+.Ss Steganography support
 When the device is initialized, it is possible to restrict the encrypted
 data to a single contiguous area of the device.
 If configured with care, this area could masquerade as some sort of
@@ -188,7 +199,8 @@ some kind of structure or identifying byte sequences.
 Certain file formats like ELF contain multiple distinct sections, and it
 would be possible to locate things just right in such a way that a device
 contains a partition with a filesystem with a large executable,
-("a backup copy of my kernel") where a non-loaded ELF section is laid out
+.Dq ( "a backup copy of my kernel" )
+where a non-loaded ELF section is laid out
 consecutively on the device and thereby could be used to contain a
 .Nm
 encrypted device.
@@ -216,7 +228,8 @@ strength of
 .Nm .
 .Pp
 The payload is encrypted with AES in CBC mode using a 128 bit random 
-single-use key ("the skey").
+single-use key
+.Dq ( "the skey" ) .
 AES is well documented.
 .Pp
 The random key is produced with
@@ -226,7 +239,7 @@ which is belived to do a respectable job at producing unpredictable bytes.
 The skey is stored on the device in a location which can be derived from
 the location of the encrypted payload data.
 The stored copy is encrypted with AES in CBC mode using a 128 bit key
-("the kkey")
+.Dq ( "the kkey" )
 derived
 from the master key using a purpose built PRNG like algorithm seeded
 with the sector address of the data in question.
@@ -258,7 +271,7 @@ Each additional byte of pass-phrase after the first 255 adds significantly
 less entropy to the initial state of the ARC4 sbox due to aliasing in
 the ARC4 seeding algorithm.
 .Pp
-No weak is stronger than the weakest link which usually is poor pass-phrases.
+No chain is stronger than its weakest link, which usually is poor pass-phrases.
 .Sh SEE ALSO
 .Xr gbde 8 .
 .Rs