Hi All,
I've been reading a lot of information regarding dm-crypt and cryptoloop vulnerability to known-plaintext and watermark attacks. I was wondering if the following dm-crypt setup method would solve the known-plaintext attack:
1. Encryption key generation and encryption using GPG:
head -c 32 /dev/urandom > secure.key
gpg -c --cipher-algo AES256 secure.key
2. Secure volume creation using dm-crypt:
/usr/bin/gpg -q --cipher-algo AES256 --decrypt secure.key.gpg | \
/usr/local/bin/cryptsetup create secure_dev /dev/hdaX
The secure volume could then be mounted with:
/bin/mount /dev/mapper/secure_dev /mnt/secure
You could still compute a dictionary for a known-plaintext attack, but given that the key length is 256-bit and the key is essentially random (assuming good entropy from /dev/urandom), the dictionary would be infeasibly large (perhaps even for a government organisation).
Questions:
1. Are there any problems with this method (apart from the danger of losing 'secure.key.gpg')?
2. What are the consequences of a section of the encrypted volume being corrupted? Does dm-crypt use CBC, or is each block encrypted individually, resulting in only localised data loss through corruption?
3. Is it safe to use XFS with this setup?
4. I don't believe it does solve a watermark attack - what work-arounds would solve this?
Kind Regards,
Andrew
- Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/