On 12/23/2013 12:07 AM, /dev/ph0b0s wrote:
> On 12/22, Milan Broz wrote:
>> Below is very nice example of another "Evil maid" type attacks,
>> here directly applied to LUKS CBC disks.
>>
>> I think it clearly shows known rule:
>> If you let your machine out of your sight, it is no longer your machine.
>>
>> What is important (and blog mentions it)
>>
>> "It has already been known for a long time that CBC does not prevent
>> a malleability attack (targeted manipulation of encrypted data) given
>> that the attacker can modify the ciphertext and knows the corresponding
>> plaintext as well."
>
> Even more important, in this particular case, is that this "practical
> malleability attack" isn't actually very practical at all:
>
> "In the following I assume that we already have access to the
> original plaintext and the ciphertext of one file on the system and
> that we want to do our manipulations in this file:"

Sure. On the other side, if you have "golden image" and all your company
laptops are encrypted using the same plaintext in the beginning, this could
be possible.

Anyway, I do not think this attack is anything new - it is just real
application of known facts on the one specific case. But it is worth to
mention here.

...

>> BTW blog doesn't mention that CBC is no longer default mode for cryptsetup
>> and was replaced by XTS mode.
>
> The original post to f-d [0] that you forwarded does mention this:

I meant this part:

"When manually creating LUKS partitions, you should make sure to use XTS
instead of CBC (which is still the default when running cryptsetup luksFormat
without a cipher specification):"

It is not default since 1.6.0 upstream version (and it was configurable even
before for distro maintainers).

Milan
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
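
Because the mode in use depends on the cryptsetup version and distro build that formatted a disk, a fleet audit has to read it from each volume's header. The following is an added example, not part of the original message and not cryptsetup code: it parses the fixed prefix of a LUKS1 header and flags CBC chaining. The function names and the sample headers are constructed for illustration.

```python
import struct

# LUKS1 on-disk header prefix, big-endian: magic, version, cipher name,
# cipher mode, hash spec, payload offset (sectors), master key length (bytes).
LUKS1_PREFIX = struct.Struct(">6sH32s32s32sII")
LUKS_MAGIC = b"LUKS\xba\xbe"


def _cstr(raw):
    """Decode a NUL-padded ASCII header field."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")


def parse_luks1(header):
    """Return the cipher parameters stored at the start of a LUKS1 device."""
    if len(header) < LUKS1_PREFIX.size:
        raise ValueError("short read: not enough bytes for a LUKS1 header")
    magic, version, name, mode, hash_spec, _offset, key_bytes = \
        LUKS1_PREFIX.unpack_from(header)
    if magic != LUKS_MAGIC:
        raise ValueError("no LUKS magic")
    if version != 1:
        raise ValueError("unsupported LUKS version %d" % version)
    return {"cipher": _cstr(name), "mode": _cstr(mode),
            "hash": _cstr(hash_spec), "key_bits": key_bytes * 8}


def audit(header):
    """Flag CBC chaining, the mode the quoted advisory is about (hypothetical helper)."""
    info = parse_luks1(header)
    chain = info["mode"].split("-", 1)[0].lower()  # "cbc-essiv:sha256" -> "cbc"
    info["finding"] = "cbc-malleable" if chain == "cbc" else "non-cbc"
    return info


def make_header(cipher, mode, hash_spec, key_bytes):
    """Build a constructed header prefix for the demo (not a real volume)."""
    return LUKS1_PREFIX.pack(LUKS_MAGIC, 1, cipher.encode(), mode.encode(),
                             hash_spec.encode(), 4096, key_bytes)


if __name__ == "__main__":
    # Constructed samples standing in for the first 112 bytes of two disks.
    samples = {
        "sample-cbc": make_header("aes", "cbc-essiv:sha256", "sha1", 32),
        "sample-xts": make_header("aes", "xts-plain64", "sha1", 32),
    }
    for label, hdr in samples.items():
        print(label, audit(hdr))
```

On a real system the input would be the first 112 bytes read from the encrypted block device; `cryptsetup luksDump` reports the same fields.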