Re: Questions about misuse vulnerabilities

* Phil Grundig <wdef200@xxxxxxxxxxx> wrote:

> That doesn't help the attacker much (at all?) in attempting to
> break the encryption though, but it does negate plausible
> deniability?

Given that plausible deniability is very hard to achieve, I'm curious
about the specific setup you had in mind.


> > 16 bytes of known plaintext starting at any (except the first) 16
> > byte boundary on a disk sector allows an adversary to try a brute
> > force attack for one AES key.
> 
> And, if successful, an attacker only gets a single line of the
> multiline key, yielding a "venetian blind" view of the data. Unless
> they repeat the attack on other known plaintext sectors to get more
> lines of the multiline key.  Is that a correct understanding?

Well, "only" is already too much:

The advantage of loop-AES over dm-crypt, e.g., is that the key can be
stored on a separate medium. Even the knowledge of which encryption
algorithm is used can be withheld from the attacker.

Keep in mind that an attacker must always be prevented from gaining
ANY information at all about the crypto implementation used, because
any information about it helps the attacker to some extent.

Also, the question always is if the information obtained is of
practical use to the attacker.
 

> How many bytes is each single slice on the disk that is encrypted
> with one line of the key?  (Is it 512?)

As I understand it, loop-AES just encrypts sectors. Usually they are
512 bytes in size, but if you look at CDs and exotic media, there are
other sizes.


> > But 128/192/256 bits of key space is too much to brute
> > force.
> 
> Would "brute forcing" be the correct terminology here?

Yes.


> If the plaintext and ciphertext are known, then the key for that
> sector can be deduced?

It would be very bad if that were the case.

If the cipher were weak, i.e. if a known/chosen-plaintext attack
succeeded, then the key could be deduced with justifiable effort.

Keep in mind that a considerable amount of time and effort has been
spent on breaking ciphers like AES, Twofish, Serpent, ..., including
utilizing both known ciphertexts and plaintexts. So far no public
knowledge exists of a successful attack.

Still, the best (fastest) way to break any encryption is rubber-hose
cryptanalysis.


> I thought brute forcing meant simply trying keys
> on the ciphertext (without knowing the plaintext) until the
> ciphertext decrypted.

So far, to my knowledge, the AES algorithm withstands the attacks you
describe, so that a brute force attack is the way to go.

Of course we don't know about the knowledge of the NSA, but recently
there was an intriguing attack published, read more about it at
http://en.wikipedia.org/wiki/Cube_attack

I don't fully understand it, but the nature of the attack itself
seems to be worthwhile to pursue (there was some excited chatter
about it on crypto mailing lists).

-- 
left blank, right bald
loop-AES FAQ: http://mareichelt.de/pub/texts.loop-aes.php#faq
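The two points argued above, that 16 bytes of known plaintext at a non-first 16-byte boundary of a sector reduce the attacker's job to one AES block operation per candidate key, and that one recovered key of a multi-key setup yields only a "venetian blind" view of the disk, as an added example. This is not code from the list post or from loop-AES itself; it uses Go's standard crypto/aes. The per-sector CBC layout, the key-derived IV (sectorIV) and the 64-key "sector % 64" selection are simplifying assumptions about loop-AES, not its real on-disk format, and the 2^16 keyspace searched by bruteForce is deliberately tiny so that the run finishes; the sample sector and toy key are constructed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"encoding/binary"
	"fmt"
	"math"
	"time"
)

const (
	sectorSize = 512 // the common sector size discussed in the thread
	numKeys    = 64  // ASSUMPTION: 64 keys in multi-key mode, sector n encrypted with key n % 64
)

// sectorIV is a CONSTRUCTED stand-in for the per-sector IV. It depends on the key
// (loop-AES derives its own IV differently; the real derivation is not modelled),
// which is why the first 16 bytes of a sector give no clean known-plaintext test.
func sectorIV(key []byte, sector uint64) []byte {
	c, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	in := make([]byte, aes.BlockSize)
	binary.LittleEndian.PutUint64(in, sector)
	iv := make([]byte, aes.BlockSize)
	c.Encrypt(iv, in)
	return iv
}

// encryptSector encrypts one sector with AES-CBC under that sector's key.
func encryptSector(key []byte, sector uint64, plain []byte) []byte {
	c, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(plain))
	prev := sectorIV(key, sector)
	buf := make([]byte, aes.BlockSize)
	for off := 0; off+aes.BlockSize <= len(plain); off += aes.BlockSize {
		for i := range buf {
			buf[i] = plain[off+i] ^ prev[i]
		}
		c.Encrypt(out[off:off+aes.BlockSize], buf)
		prev = out[off : off+aes.BlockSize]
	}
	return out
}

// keyMatches is the known-plaintext test for a block at a 16-byte boundary other
// than the first: the attacker knows the AES input (P_i XOR C_{i-1}) and the AES
// output (C_i), so rejecting a candidate key costs exactly one block encryption.
func keyMatches(candidate, prevCipher, plain, cipher []byte) bool {
	c, err := aes.NewCipher(candidate)
	if err != nil {
		return false
	}
	in := make([]byte, aes.BlockSize)
	for i := range in {
		in[i] = plain[i] ^ prevCipher[i]
	}
	out := make([]byte, aes.BlockSize)
	c.Encrypt(out, in)
	return bytes.Equal(out, cipher)
}

// bruteForce walks a deliberately TINY keyspace: the first 14 key bytes are assumed
// known and only the last two vary (2^16 candidates). Real keys have no such prefix.
// It returns the recovered key and the number of candidates tried.
func bruteForce(knownPrefix, prevCipher, plain, cipher []byte) ([]byte, int) {
	cand := make([]byte, 16)
	copy(cand, knownPrefix)
	for s := 0; s < 1<<16; s++ {
		cand[14], cand[15] = byte(s>>8), byte(s)
		if keyMatches(cand, prevCipher, plain, cipher) {
			return append([]byte(nil), cand...), s + 1
		}
	}
	return nil, 1 << 16
}

// sectorsForKey lists the sectors one recovered key unlocks under the
// "sector % 64" assumption: every 64th sector, the "venetian blind" view.
func sectorsForKey(keyIndex, totalSectors uint64) []uint64 {
	var s []uint64
	for n := keyIndex; n < totalSectors; n += numKeys {
		s = append(s, n)
	}
	return s
}

func main() {
	key := append(bytes.Repeat([]byte{0x11}, 14), 0xBE, 0xEF) // constructed toy key
	plain := make([]byte, sectorSize)
	copy(plain[16:], "known plaintext!") // 16 known bytes at the second 16-byte boundary
	const sector = 7
	cipher := encryptSector(key, sector, plain)

	start := time.Now()
	found, tried := bruteForce(key[:14], cipher[:16], plain[16:32], cipher[16:32])
	elapsed := time.Since(start)
	fmt.Printf("recovered key %x after %d candidates in %v\n", found, tried, elapsed)

	// Extrapolate the measured rate to half of a real 128-bit keyspace.
	perKey := elapsed.Seconds() / float64(tried)
	years := perKey * math.Ldexp(1, 127) / (365.25 * 24 * 3600)
	fmt.Printf("at that rate, half of a 128-bit keyspace takes about %.3g years\n", years)
	fmt.Printf("key %d of %d unlocks sectors %v ...\n", sector%numKeys, numKeys, sectorsForKey(sector%numKeys, 640)[:4])
}
```

The check itself is the whole point: with the previous ciphertext block and 16 known plaintext bytes, every candidate key is confirmed or rejected with a single AES block encryption, so nothing remains but to enumerate keys, and the extrapolated figure printed by main shows why 2^128 of them is out of reach. Recovering one key still leaves 63 of every 64 sectors unreadable under the assumed layout.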
