Re: Some ideas about crypto loop password

PGPDisk does something similar to this. It stores a
'session' key in the .pgd file. The session key is
then decrypted by a passphrase or a private RSA or
DH/DSS key.

This is something I have been curious about for crypto
loop. Is the pass-phrase hashing done in the kernel?
(It sort of looks like the ASCII key is being passed
to ioctl/losetup.) Can the binary 'session key' be
passed in to the LOSETUP (ioctl)? This would allow
someone to write a utility to mount a PGPDisk on Linux,
i.e.

  - get the encrypted session key and type of 
    encryption (CAST5-128 or Twofish-256) out of
    the .pgd file.
  - decrypt the session key using a passphrase or the
    user's private key.
  - setup the loop device with the decrypted session
    key and the correct offset into the .pgd file.

I would assume the strategy is NOT to introduce
something like public/private key encryption into
the kernel?

[forgive me if this is FAQ, I've only been on the list
 for a couple months]

Thanks,
- Gregor Larson

> Date:	Mon, 11 Mar 2002 20:39:07 +0100
> From:	"Hannes R. Boehm" <hannes@boehm.org>
> Subject: Some ideas about crypto loop password management
> 
> 
> 
> Hi,
> 
> what do you think about this:
> 
> If I started my cryptoloop with an offset of 512
> bytes, I'd have enough space to 
> store the key to the fs in encrypted form on the
> harddisk. This part is encrypted
> with a password.
> 
> If I used a predefined structure in this first 512,
> I would be able to detect whether the password
> was correct or not. Since this block is independent
> of the rest of the harddisk, it would be possible
> to change the password without changing the fs-key.
> 
> Is it a risk to store a predefined structure in this
> 512 bytes? (I don't think so, since the
> beginning of an ext2 fs is also quite well known.)
> 
> Is there something to keep in mind when using an
> offset with cryptoloop?
> 
> 
> Hannes
> --
> Hannes R. Boehm
> email:  hannes@boehm.org 
> web  :  http://hannes.boehm.org


-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
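
The scheme discussed in this thread (a 512-byte header holding the filesystem key encrypted under a password, so the password can change while the filesystem key stays the same), as an added example that is not part of either post and is not the PGPDisk or cryptoloop format. The header layout, the `MAGIC` value and all function names are assumptions; an HMAC-SHA256 counter-mode keystream stands in for a real cipher, and an HMAC tag takes the place of the "predefined structure" as the password check.

```python
import hashlib, hmac, os, struct

MAGIC = b"KHDR"        # constructed marker, not a real on-disk format
HEADER_LEN = 512       # the loop offset proposed in the thread
ITERATIONS = 100_000   # PBKDF2 work factor (assumed value)

def _derive(password, salt):
    # Stretch the password into 64 bytes: 32 to encrypt, 32 to authenticate.
    k = hashlib.pbkdf2_hmac("sha256", password, salt, ITERATIONS, 64)
    return k[:32], k[32:]

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as a keystream (stand-in for a real cipher).
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + struct.pack(">I", i // 32), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def make_header(password, fs_key):
    # Layout: magic(4) | salt(16) | nonce(16) | key_len(2) | wrapped key | tag(32)
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _derive(password, salt)
    body = (MAGIC + salt + nonce + struct.pack(">H", len(fs_key))
            + _xor_stream(enc_key, nonce, fs_key))
    if len(body) + 32 > HEADER_LEN:
        raise ValueError("filesystem key too long for the header")
    tag = hmac.new(mac_key, body, hashlib.sha256).digest()
    return (body + tag).ljust(HEADER_LEN, b"\0")

def open_header(password, header):
    # Returns the filesystem key, or None if the password is wrong
    # or the header was modified.
    if len(header) < HEADER_LEN or header[:4] != MAGIC:
        raise ValueError("not a key header")
    salt, nonce = header[4:20], header[20:36]
    (key_len,) = struct.unpack(">H", header[36:38])
    body, tag = header[:38 + key_len], header[38 + key_len:70 + key_len]
    enc_key, mac_key = _derive(password, salt)
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        return None
    return _xor_stream(enc_key, nonce, body[38:])

def change_password(old, new, header):
    # Re-wrap the same filesystem key; the encrypted data area is untouched.
    fs_key = open_header(old, header)
    if fs_key is None:
        raise ValueError("wrong password")
    return make_header(new, fs_key)
```

The key returned by `open_header` is the binary value a userspace tool would hand to the loop setup, together with the 512-byte offset.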