On Wed, Dec 19, 2001 at 02:59:42PM +0100, Marc Mutz wrote: > But to call this a vulnerability is a bit far-featched, I think. according to me, it is a vulnerabilty because user expects security from it and in my opinion, an attacker being able to successfully modify the device is a hole in the security. > As a workaround, users could use GnuPG (or PGP if you want) to create a > detached signature of the /dev/loop device after unmounting and to > check this signature before mounting. If I'm not mistaken you can even > leave the file lying around, since the MAC is then signed with your > secret PGP key anyway. using PGP/GPG would be another way to authenticate the device, less self-contained but it will works. - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/