jerome etienne wrote:3 years ago i published a paper describing how an attacker would be able
to modify the content of the encrypted device without being detected.
http://off.net/~jme/loopdev_vul.html
i was just curious about the current state of loop-aes. Is it still vulnerable to this attack ?
Though I'm not an expert on the code nor have I read through all the previous arguments, I'd say that your '3-year old attack' is not an attack on the loop-AES package nor something that patching it can fix.
the paper describing the attack propose 2 simple ways to fix the vulnerabilities. people, who care that an attacker could modify their content without being detected, may code or poke people who code to implement it
- Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
