jerome etienne wrote:
Jari Ruusu wrote:
jerome etienne wrote:
3 years ago I published a paper describing how an attacker would be able
to modify the content of the encrypted device without being detected.
http://off.net/~jme/loopdev_vul.html
I was just curious about the current state of loop-aes. Is it still vulnerable to this attack?
So loopaes is still vulnerable to this 3-year-old attack... but one minute before answering my email, you complained to somebody else that "Refusing to fix it for *years* counts as intentional backdoor."
funny no :)
The one who isn't funny is you. This is all very tedious, meaningless pointscoring on an issue which is, actually, not very interesting to (I'd say) a lot of us on the list. I'm not partisan in this, I've just had to put up with you and Fruhwirth stirring up trouble for a couple of days and I'd like you to stop.
Though I'm not an expert on the code nor have I read through all the previous arguments, I'd say that your '3-year old attack' is not an attack on the loop-AES package nor something that patching it can fix. Otherwise, presumably, you'd have submitted a fix for it like a good Open Source Citizen. Since you don't seem to have done this, I can only assume you're just stirring up trouble. It sounds to me like your attack would work equally well on other crypto packages that don't guard the kernel and its tools from intruders.
I'm not interested in replies, since I don't want to waste any more time listening to this kind of one-upmanship.
Paul
--
Paul Wayper at ANU - +61 2 6125 0643
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/