Hi!

I have the following idea about implementing session keys in loop-AES, and I'd like to hear what you think of it.

Goals:

1. The user must be able to change the password of the encrypted device.
2. More than one user has to be able to access (unlock) the device (w/password).
3. Users (passwords) can be added or removed as time goes on.

Definitions:

1. Every losetup'd virtual device would have its own SESSIONKEY (random, generated).
2. Every device would have a random SEED (also generated).
3. Every device could have one or more PASSWORDs, which can "unlock" it. The user only has to know one of the PASSWORDs.

Implementation thoughts:

1. On the device, the first 32(?) kbytes of space would be "reserved", and used by the encryption system. This equals an "offset+=32768", easy to implement.
2. For each PASSWORD, there would be an encoded datablock, which would contain the SESSIONKEY and the SEED, encrypted.
3. Functionality gets more complex. You need:
   - initialization/creation phase
   - unlocking (with a password) function
   - add/modify/remove/list keys

Possible weakness(es):

1. If someone knows one PASSWORD, he might possibly be able to get the SESSIONKEY, too. This way, password "revocation" can be nulled. If the SESSIONKEY is held in kernel-space, the raw device cannot be read and the user has no root access, this is not a problem.
2. The "encoded datablock", which contains the keys might be easier to crack, by brute force, if it's very small.

| Noll Janos <johnzero@johnzero.hu> | http://www.johnzero.hu |
| "Expect the unexpected!" | ICQ# 4547866 | Be free! |

-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
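The slot scheme sketched above (a random SESSIONKEY and SEED wrapped once per PASSWORD inside a reserved header, with add/unlock/remove operations) as an added worked example; this is not loop-AES code and not the poster's implementation. It assumes a header of exactly 32768 bytes with eight fixed-size slots, PBKDF2-SHA256 as the password-to-key derivation, and, because the Python standard library has no AES, an HMAC-SHA256 based encrypt-then-MAC wrap as a stand-in for the AES encryption of the datablock. All names (`KeyHeader`, slot layout, iteration count) are choices made here, not anything from the post.

```python
import hashlib
import hmac
import os
import struct

# Layout assumptions (not from the post): a 32 KiB reserved header holding
# eight fixed-size key slots. Each slot wraps SESSIONKEY || SEED under a key
# derived from one password.
RESERVED_BYTES = 32768
SLOT_COUNT = 8
KEY_LEN = 32           # SESSIONKEY and SEED are 32 random bytes each
SALT_LEN = 16
NONCE_LEN = 16
TAG_LEN = 32
PBKDF2_ITERS = 100_000  # slow KDF: the datablock is small, so make each guess expensive
SLOT_LEN = 1 + SALT_LEN + NONCE_LEN + 2 * KEY_LEN + TAG_LEN  # flag + salt + wrapped record


def derive_kek(password: bytes, salt: bytes) -> bytes:
    """Per-slot key-encryption key from a password and a random salt."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, PBKDF2_ITERS, KEY_LEN)


def _keystream(kek: bytes, nonce: bytes, length: int) -> bytes:
    """PRF keystream: HMAC(kek, nonce || counter), a stand-in for AES-CTR."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(kek, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def wrap(kek: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC the record: nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(kek, nonce, len(plaintext))))
    tag = hmac.new(kek, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap(kek: bytes, blob: bytes, length: int):
    """Return the plaintext, or None if the tag does not verify (wrong password)."""
    nonce = blob[:NONCE_LEN]
    ct = blob[NONCE_LEN:NONCE_LEN + length]
    tag = blob[NONCE_LEN + length:]
    expected = hmac.new(kek, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(kek, nonce, length)))


class KeyHeader:
    """The reserved header: one SESSIONKEY/SEED pair, unlockable by any slot."""

    def __init__(self):
        self.session_key = os.urandom(KEY_LEN)   # generated once at creation
        self.seed = os.urandom(KEY_LEN)
        self.slots = [None] * SLOT_COUNT         # each: (salt, wrapped blob) or None

    def add_password(self, password: bytes) -> int:
        """Wrap SESSIONKEY || SEED under a new password; return the slot index."""
        for i, slot in enumerate(self.slots):
            if slot is None:
                salt = os.urandom(SALT_LEN)
                blob = wrap(derive_kek(password, salt), self.session_key + self.seed)
                self.slots[i] = (salt, blob)
                return i
        raise ValueError("no free key slot")

    def _find_slot(self, password: bytes):
        for i, slot in enumerate(self.slots):
            if slot is None:
                continue
            salt, blob = slot
            record = unwrap(derive_kek(password, salt), blob, 2 * KEY_LEN)
            if record is not None:
                return i, record
        return None, None

    def unlock(self, password: bytes):
        """Return (SESSIONKEY, SEED) if the password opens any slot, else None."""
        _, record = self._find_slot(password)
        if record is None:
            return None
        return record[:KEY_LEN], record[KEY_LEN:]

    def remove_password(self, password: bytes) -> bool:
        """Clear the slot this password opens. The SESSIONKEY itself is unchanged."""
        i, _ = self._find_slot(password)
        if i is None:
            return False
        self.slots[i] = None
        return True

    def change_password(self, old: bytes, new: bytes) -> bool:
        return self.remove_password(old) and self.add_password(new) >= 0

    def to_bytes(self) -> bytes:
        """Serialize the slots into the reserved header area, zero padded."""
        out = bytearray()
        for slot in self.slots:
            if slot is None:
                out += b"\x00" * SLOT_LEN
            else:
                salt, blob = slot
                out += b"\x01" + salt + blob
        return bytes(out) + b"\x00" * (RESERVED_BYTES - len(out))
```

Two points the post's "possible weaknesses" raise are visible here. `remove_password` only clears a slot; the SESSIONKEY it wrapped is the same key every other slot still wraps, so a holder of a revoked password who already unwrapped it keeps the ability to decrypt, exactly as the first weakness says, and a true revocation would mean re-encrypting the device under a fresh SESSIONKEY. For the second weakness, the only thing between an attacker holding the small datablock and an offline guess is the cost of `derive_kek`, which is why the iteration count is deliberately high and each slot carries its own salt.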