-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wednesday 19 December 2001 04:20, Jerome Etienne wrote:
<snip>
> The text attached describes what I believe to be a security hole in
> the encrypted loop device for Linux. Because of it an
> attacker is able to modify the content of the encrypted device
> without being detected. This text proposes to fix the hole by
> authenticating the device.
<snip>

IMO, this is nothing new. What you try to tell us is that encryption doesn't guarantee integrity. It doesn't; encryption provides only confidentiality. This is well-known and it's probably the first thing that's discussed in any cryptography textbook, chapter "modes of encryption". It's also well-known that CBC in the form used in kerneli doesn't provide integrity.

No-one I know ever claimed that encrypted loop devices are immune to undetected alteration. Given, nobody ever explicitly told the user, either.

I also strongly agree that having the encrypted filesystem MAC'ed would be a nice thing to have and you are the first (to my knowledge) to come forward with this idea. But to call this a vulnerability is a bit far-fetched, I think.

As a workaround, users could use GnuPG (or PGP if you want) to create a detached signature of the /dev/loop device after unmounting and to check this signature before mounting. If I'm not mistaken you can even leave the file lying around, since the MAC is then signed with your secret PGP key anyway.

Marc

- --
FTAA's anti-circumvention provisions represent US imperialism at its worst. They seek to impose restrictive laws on both the US and other countries, in order to prevent established US businesses from facing both domestic and foreign competition.
-- EFF FTAA Alert: Stop Hollywood Forcing Technology Ban on 34 Countries
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8IJ1P3oWD+L2/6DgRAnh7AKCgdwx2xZZ33jdspBQJy4tCIZCHHACgy1R6
dvTWSGoxubwtuM0npIhaSo8=
=hPBO
-----END PGP SIGNATURE-----
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
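
The workaround in the message above (authenticate the backing file after unmounting, check it before mounting), as an added example that is not part of the original message or of any project's code. It swaps the GnuPG detached signature for an HMAC-SHA256 tag so it runs with the Python standard library alone; the `.mac` suffix, the file name and the function names are assumptions.

```python
import hashlib
import hmac
import os
import tempfile
from pathlib import Path


def image_tag(image_path, key):
    """HMAC-SHA256 over the raw (still encrypted) bytes of the backing file."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    with open(image_path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):  # 1 MiB at a time
            mac.update(chunk)
    return mac.digest()


def seal(image_path, key):
    """Run after unmounting: store the tag next to the image."""
    Path(image_path + ".mac").write_bytes(image_tag(image_path, key))


def safe_to_mount(image_path, key):
    """Run before mounting: True only if the image still matches its tag."""
    try:
        stored = Path(image_path + ".mac").read_bytes()
    except FileNotFoundError:
        return False  # no tag means unauthenticated, so refuse
    return hmac.compare_digest(stored, image_tag(image_path, key))


def demo():
    """Constructed sample: 4 KiB of random bytes stands in for the image."""
    key = os.urandom(32)  # assumption: stored away from the image's disk
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "crypto.img")  # hypothetical file name
        data = bytearray(os.urandom(4096))
        Path(img).write_bytes(data)
        seal(img, key)
        untouched = safe_to_mount(img, key)
        data[512] ^= 0x01  # one ciphertext byte changed while unmounted
        Path(img).write_bytes(data)
        altered = safe_to_mount(img, key)
        os.remove(img + ".mac")
        missing_tag = safe_to_mount(img, key)
    return untouched, altered, missing_tag


if __name__ == "__main__":
    print(demo())
```

Unlike a detached signature made with a private key, the HMAC tag is only as trustworthy as the secrecy of the key, so the tag may sit beside the image but the key may not.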