jerome etienne wrote: > 3 years ago i published a paper describing how an attacker would be able > to modify the content of the encrypted device without being detected. > http://off.net/~jme/loopdev_vul.html > > i was just curious about the current state of loop-aes. Is it still > vulnerable to this attack ? Quote from loop-AES README file " Loop device encrypts data but does not authenticate ciphertext. In other words, it delivers data privacy, but does not guarantee that data has not been tampered with. Admins setting up encrypted file systems should ensure that neither ciphertext, nor tools used to access ciphertext (kernel + kernel modules, mount, losetup, and other utilities) can be trojaned or tampered. " -- Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
