jerome etienne wrote:
3 years ago i published a paper describing how an attacker would be able to modify the content of the encrypted device without being detected. http://off.net/~jme/loopdev_vul.html
i was just curious about the current state of loop-aes. Is it still vulnerable to this attack ?
so loopaes is still vulnerable to this 3-years old attack... but one minute before answering my email, you complained to somebody else that "Refusing to fix it for *years* counts as intentional backdoor."
funny no :)
<joke>
if the loop-aes users have the same logic than the loop-aes author, they should deduce that he intentionnally backdoored loop-aes.
</joke>
i *obviously* dont believe it is true, it was just a funny bug.
Quote from loop-AES README file " Loop device encrypts data but does not authenticate ciphertext. In other words, it delivers data privacy, but does not guarantee that data has not been tampered with. Admins setting up encrypted file systems should ensure that neither ciphertext, nor tools used to access ciphertext (kernel + kernel modules, mount, losetup, and other utilities) can be trojaned or tampered. "
- Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/