Petersen wrote:
http://www.spinics.net/lists/crypto/msg02628.html states that loop-aes 2.0f can't use multi-key encryption without using gpg-key also.
loop-AES-v3.0a mount and losetup can also read multi-key from file descriptor specified with -p command line option.
But don't I need gpg-keys then? Perhaps I misunderstood the concept of multi-key-v3, are the keys actually gpg-keys? Of course I want a secure system, but I also would like to avoid kB's of random ascii data for the case if they disappear, and only have my memorised password left (and the encrypted partition).
I use the latest, loop-AES-v3.0a (README of November 27 2004), but only swap-encryption reports multi-key-v3, losetup -a reports 'AES256' only for drives created with
losetup -e AES256 -itercountk=300 ....
So does the encrypted swap in fact use 65 random/"unknown" gpg-keys?
I suppose I can set a seed with 'losetup .. -S we23fef ...' or something? As the machine I want to encrypt is switched on and off every day, I will store gpg-keys and seed on hard disk or floppy (and put a copy 'somewhere safe'). That equals security level 2) from your readme. The seed, being available to the attacker, is only good to force the attacker to discard his precomputed, nonseeded, dictionary list??
That loop device is not in multi-key mode. The -C option (itercountk= mount option) has no effect in multi-key mode.
- so no multi-key-v3. Am I sitting on a timebomb (as Jari puts it)?
No.
The timebomb can explode only if someone uses version 3 multi-key file with losetup/mount from loop-AES-v1.X or loop-AES-v2.X, or if someone uses version 2 multi-key file with losetup/mount from loop-AES-v1.X.
In other words, all is fine if you use latest losetup/mount.
I didn't build (with) gpg because I want to have a chance of recreating my data in case of loss of gpg-key. Could that be why 'make tests' fails? For the same reason I don't use password seed; it is also difficult to figure out how to do it, from reading the README.
Please post exact error message of 'make tests' failure.
Is the security level of my setup (AES256, no gpg, no seed, itercountk=300) too weak to bother?
Too weak. Avoid that kind of setup.
Could you explain how the watermark attack works?
Watermarked files use special bit patterns that happen to trigger identical ciphertexts. The number of consecutive identical ciphertexts can be controlled and is used to encode the watermark.
Venkat gave some good explaining links, thanks. I understand that some file (all zeroes for example) will give identical encrypted blocks on the disk. Consequently, our all-zero file must give different blocks upon encryption(?) But doesn't this give easier corruption; for example, zip-files get easily destroyed because byte N depends on bytes 0 to N-1, and if byte N gets altered, N to Nlast are wrong.
I found that 'hdparm -W 0 /dev/hdx' is necessary to switch off the write-cache (http://lwn.net/Articles/67223/). Perhaps you should add this to your README.
Another thing I struggled with a while back, is the confusion around the cryptoloop/loop-aes that kernel 2.6.x contains. I thought your loop-AES equaled the kernel option, and supposed doing it 'your way' was getting obsolete after kernel 2.6.x integrated encryption in the kernel. I never got the 2.4.x-cryptoloop kernel patch to work, so I did it your way; it seems now that this is the superior method security-wise.
Regards, Henning Petersen
'make tests' complains about 'already existing directory', see attached output.
dd if=/dev/zero of=test-file1 bs=1024 count=33
cp test-file1 test-file3
echo 09876543210987654321 | /sbin/losetup -p 0 -e AES128 /dev/loop7 test-file3
dd if=/dev/zero of=/dev/loop7 bs=1024 count=33 conv=notrunc
/sbin/losetup -d /dev/loop7
make test-part2 CT=XOR ITER=0 HF=sha256 GK= MD=d28220a1737763260f6e0109f141814a TF=test-file1 PSW=12345678901234567890
make[1]: Entering directory `/usr/src/loop-AES-v3.0a'
echo 12345678901234567890 | /sbin/losetup -p 0 -e XOR -H sha256 -C 0 /dev/loop7 test-file1
dd if=test-file3 of=/dev/loop7 bs=1024 count=33 conv=notrunc
/sbin/losetup -d /dev/loop7
echo 12345678901234567890 | /sbin/losetup -p 0 -e XOR -H sha256 -C 0 /dev/loop7 test-file1
dd if=/dev/loop7 of=test-file4 bs=33792 count=1
/sbin/losetup -d /dev/loop7
md5sum test-file1 >test-file2
echo "d28220a1737763260f6e0109f141814a test-file1" | cmp test-file2 -
cmp test-file3 test-file4
make[1]: Leaving directory `/usr/src/loop-AES-v3.0a'
make test-part2 CT=NONE ITER=0 HF=sha256 GK= MD=0b08ceeb8b609b0885471ba25a23f5a5 TF=test-file1 PSW=12345678901234567890
make[1]: Entering directory `/usr/src/loop-AES-v3.0a'
echo 12345678901234567890 | /sbin/losetup -p 0 -e NONE -H sha256 -C 0 /dev/loop7 test-file1
dd if=test-file3 of=/dev/loop7 bs=1024 count=33 conv=notrunc
/sbin/losetup -d /dev/loop7
echo 12345678901234567890 | /sbin/losetup -p 0 -e NONE -H sha256 -C 0 /dev/loop7 test-file1
dd if=/dev/loop7 of=test-file4 bs=33792 count=1
/sbin/losetup -d /dev/loop7
md5sum test-file1 >test-file2
echo "0b08ceeb8b609b0885471ba25a23f5a5 test-file1" | cmp test-file2 -
cmp test-file3 test-file4
make[1]: Leaving directory `/usr/src/loop-AES-v3.0a'
make test-part2 CT=AES128 ITER=0 HF=sha256 GK= MD=7c1cfd4fdd0d7cc847dd0942a2d48e48 TF=test-file1 PSW=12345678901234567890
make[1]: Entering directory `/usr/src/loop-AES-v3.0a'
echo 12345678901234567890 | /sbin/losetup -p 0 -e AES128 -H sha256 -C 0 /dev/loop7 test-file1
dd if=test-file3 of=/dev/loop7 bs=1024 count=33 conv=notrunc
/sbin/losetup -d /dev/loop7
echo 12345678901234567890 | /sbin/losetup -p 0 -e AES128 -H sha256 -C 0 /dev/loop7 test-file1
dd if=/dev/loop7 of=test-file4 bs=33792 count=1
/sbin/losetup -d /dev/loop7
md5sum test-file1 >test-file2
echo "7c1cfd4fdd0d7cc847dd0942a2d48e48 test-file1" | cmp test-file2 -
cmp test-file3 test-file4
make[1]: Leaving directory `/usr/src/loop-AES-v3.0a'
make test-part2 CT=AES192 ITER=0 HF=sha384 GK= MD=51c91bcc04ee2a4ca00310b519b3228c TF=test-file1 PSW=12345678901234567890
make[1]: Entering directory `/usr/src/loop-AES-v3.0a'
echo 12345678901234567890 | /sbin/losetup -p 0 -e AES192 -H sha384 -C 0 /dev/loop7 test-file1
dd if=test-file3 of=/dev/loop7 bs=1024 count=33 conv=notrunc
/sbin/losetup -d /dev/loop7
echo 12345678901234567890 | /sbin/losetup -p 0 -e AES192 -H sha384 -C 0 /dev/loop7 test-file1
dd if=/dev/loop7 of=test-file4 bs=33792 count=1
/sbin/losetup -d /dev/loop7
md5sum test-file1 >test-file2
echo "51c91bcc04ee2a4ca00310b519b3228c test-file1" | cmp test-file2 -
cmp test-file3 test-file4
make[1]: Leaving directory `/usr/src/loop-AES-v3.0a'
make test-part2 CT=AES256 ITER=0 HF=sha512 GK= MD=1bf92ee337b653cdb32838047dec00fc TF=test-file1 PSW=12345678901234567890
make[1]: Entering directory `/usr/src/loop-AES-v3.0a'
echo 12345678901234567890 | /sbin/losetup -p 0 -e AES256 -H sha512 -C 0 /dev/loop7 test-file1
dd if=test-file3 of=/dev/loop7 bs=1024 count=33 conv=notrunc
/sbin/losetup -d /dev/loop7
echo 12345678901234567890 | /sbin/losetup -p 0 -e AES256 -H sha512 -C 0 /dev/loop7 test-file1
dd if=/dev/loop7 of=test-file4 bs=33792 count=1
/sbin/losetup -d /dev/loop7
md5sum test-file1 >test-file2
echo "1bf92ee337b653cdb32838047dec00fc test-file1" | cmp test-file2 -
cmp test-file3 test-file4
make[1]: Leaving directory `/usr/src/loop-AES-v3.0a'
make test-part2 CT=AES256 ITER=0 HF=rmd160 GK= MD=c85eb59da18876ae71ebd838675c6ef4 TF=test-file1 PSW=12345678901234567890
make[1]: Entering directory `/usr/src/loop-AES-v3.0a'
echo 12345678901234567890 | /sbin/losetup -p 0 -e AES256 -H rmd160 -C 0 /dev/loop7 test-file1
dd if=test-file3 of=/dev/loop7 bs=1024 count=33 conv=notrunc
/sbin/losetup -d /dev/loop7
echo 12345678901234567890 | /sbin/losetup -p 0 -e AES256 -H rmd160 -C 0 /dev/loop7 test-file1
dd if=/dev/loop7 of=test-file4 bs=33792 count=1
/sbin/losetup -d /dev/loop7
md5sum test-file1 >test-file2
echo "c85eb59da18876ae71ebd838675c6ef4 test-file1" | cmp test-file2 -
cmp test-file3 test-file4
make[1]: Leaving directory `/usr/src/loop-AES-v3.0a'
make test-part2 CT=AES256 ITER=10 HF=sha512 GK= MD=dadad48a6d3d9b9914199626ed7b710c TF=test-file1 PSW=12345678901234567890
make[1]: Entering directory `/usr/src/loop-AES-v3.0a'
echo 12345678901234567890 | /sbin/losetup -p 0 -e AES256 -H sha512 -C 10 /dev/loop7 test-file1
dd if=test-file3 of=/dev/loop7 bs=1024 count=33 conv=notrunc
/sbin/losetup -d /dev/loop7
echo 12345678901234567890 | /sbin/losetup -p 0 -e AES256 -H sha512 -C 10 /dev/loop7 test-file1
dd if=/dev/loop7 of=test-file4 bs=33792 count=1
/sbin/losetup -d /dev/loop7
md5sum test-file1 >test-file2
echo "dadad48a6d3d9b9914199626ed7b710c test-file1" | cmp test-file2 -
cmp test-file3 test-file4
make[1]: Leaving directory `/usr/src/loop-AES-v3.0a'
mkdir test-dir1