On Tue, 18 Dec 2001, Jerome Etienne wrote:

> Hello,
>
> The text attached describes what I believe to be a security hole in
> the encrypted loop device for Linux. Because of it an
> attacker is able to modify the content of the encrypted device
> without being detected. This text proposes to fix the hole by
> authenticating the device.
>
> comments are welcome
>
> ps: version in html, pdf and ps can be found in http://www.off.net/~jme
>

Yes, this is a problem with loopback crypto. The problem is that the loopback interface assumes that it's length preserving, and that makes insertion of a MAC difficult. Calculating a MAC at mount/unmount will, apart from taking a long time, also fail to differentiate between tampering and a power failure. This may make the MAC useless from a security perspective. Power failures are so much more common than attacks that users will ignore it when an attack comes.

A cluster level MAC will not be length preserving, and that will be a problem with loopback. Well, others with more in-depth knowledge of the block device part of the kernel should comment on this.

My proposal is that a secure file system is the right way to go. In a file system, meta data like MACs is no problem, and features like per-user encryption can be inserted.

A further note: An attacker can do the following. If byte i in disk block Ck is modified, then the blocks from i and out are modified. If k = floor(i/8) then C0 .. Cn is replaced by C0 .. Ck-1 | Dk .. Dn, where D expresses the new cipher blocks. Reinserting Ck .. Cn can't be detected.

This will also work if you get a collision between CBC blocks, like described earlier on this list. Then the data after the two cipher blocks can be exchanged.

--
Gisle Sælensminde ( gisle@xxxxxxxxx )

With sufficient thrust, pigs fly just fine. However, this is not
necessarily a good idea. It is hard to be sure where they are going
to land, and it could be dangerous sitting under them as they fly
overhead. (from RFC 1925)

-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
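The C0 .. Ck-1 | Dk .. Dn case from the further note above, as an added example that is not part of the original message: it shows that CBC leaves the blocks before k untouched, that putting the old Ck .. Cn back decrypts cleanly to the old plaintext, and that a MAC over the sector ciphertext rejects the splice. The 8-byte toy Feistel cipher, the keys, the zero IV, the sample sector and the separately stored HMAC tag are all assumptions made for illustration; the tag only helps if it cannot be rolled back together with the blocks.

```python
import hashlib, hmac
BLOCK = 8  # 64-bit cipher blocks, as in k = floor(i/8)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))
def _f(key, rnd, half):  # round function of a toy Feistel cipher (stand-in, not a real cipher)
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def enc_block(key, b):
    l, r = b[:4], b[4:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def dec_block(key, b):
    l, r = b[:4], b[4:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def cbc_encrypt(key, iv, pt):
    blocks, prev = [], iv
    for off in range(0, len(pt), BLOCK):
        prev = enc_block(key, _xor(pt[off:off + BLOCK], prev))
        blocks.append(prev)
    return blocks

def cbc_decrypt(key, iv, blocks):
    pt, prev = b"", iv
    for c in blocks:
        pt, prev = pt + _xor(dec_block(key, c), prev), c
    return pt

def tag(mac_key, blocks):  # per-sector MAC over the ciphertext, stored outside the sector
    return hmac.new(mac_key, b"".join(blocks), hashlib.sha256).digest()

def demo():
    key, mac_key, iv = b"constructed key", b"constructed mac key", bytes(BLOCK)
    old_pt = b"balance=0000100;owner=alice;ok=1"   # constructed 32-byte sector (4 blocks)
    i, k = 19, 19 // BLOCK                         # rewritten byte i lies in block k = 2
    new_pt = old_pt[:i] + b"X" + old_pt[i + 1:]
    C, D = cbc_encrypt(key, iv, old_pt), cbc_encrypt(key, iv, new_pt)
    current_tag = tag(mac_key, D)                  # tag for the sector as last written
    spliced = D[:k] + C[k:]                        # C0..Ck-1 | Dk..Dn with Ck..Cn put back
    return {
        "prefix_unchanged": C[:k] == D[:k],
        "tail_all_changed": all(c != d for c, d in zip(C[k:], D[k:])),
        "decrypts_to_old": cbc_decrypt(key, iv, spliced) == old_pt,
        "mac_accepts": hmac.compare_digest(tag(mac_key, spliced), current_tag),
    }
```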