Re: Vulnerability in encrypted loop device for Linux

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wednesday 19 December 2001 04:20, Jerome Etienne wrote:
<snip>
> The text attached describes what i believe to be a security hole in
> the encrypted loop device for linux. Because of it an
> attacker is able to modify the content of the encrypted device
> without being detected. This text proposes to fix the hole by
> authenticating the device.
<snip>

IMO, this is nothing new. What you try to tell us is that encryption 
doesn't guarantee integrety. It doesn't, encryption provides only 
confidentiality. This is well-known and it's probably the first thing 
that's discussed in any cryptography textbook, chaper "modes of 
encryption". It's also well-known that CBC in the form used in kerneli, 
doesn't provide intergrety. No-one I know ever claimed that encrypted 
loop devices are immune to undetected alteration.

Given, nobody ever explicitly told the user, either.

I also strongly agree that having the encrypted filesystem MAC'ed would 
be a nice thing to have and you are the first (to my knowledge) to come 
forward with this idea.

But to call this a vulnerability is a bit far-featched, I think.

As a workaround, users could use GnuPG (or PGP if you want) to create a 
detached signature of the /dev/loop device after unmounting and to 
check this signature before mounting. If I'm not mistaken you can even 
leave the file lying around, since the MAC is then signed with your 
secret PGP key anyway.

Marc

- -- 
FTAA's anti-circumvention provisions represent US imperialism at its
worst. They seek to impose restrictive laws on both the US and other
countries, in order to prevent established US businesses from facing
both domestic and foreign competition.
              -- EFF FTAA Alert:
                 Stop Hollywood Forcing Technology Ban on 34 Countries
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8IJ1P3oWD+L2/6DgRAnh7AKCgdwx2xZZ33jdspBQJy4tCIZCHHACgy1R6
dvTWSGoxubwtuM0npIhaSo8=
=hPBO
-----END PGP SIGNATURE-----

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/



[Index of Archives]     [Kernel]     [Linux Crypto]     [Gnu Crypto]     [Gnu Classpath]     [Netfilter]     [Bugtraq]
  Powered by Linux