Re: inner workings of block mode encryption

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Ralf Ramsauer wrote, On 02/08/2015 03:22 PM:
Hi,

maybe you should start here:
https://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions

On 02/08/2015 03:06 PM, U.Mutlu wrote:
Hi,
I'm interessted in the inner workings of encrypting block devices
like the encrypted volumes created with the cryptsetup tool.

Let's say a file of size 200K is stored on an encrypted ext2 filesystem.
How is the enrcyption key applied to it?
To sum it up:
cryptsetup is independent of the overlying filesystem and does not care
about it.
It just acts as a "mapper" and creates a new block device which
represents plain text data.
You can use this device for any purpose of your choice: create a
filesystem on it, use it as a LVM Volume, ....

I guess the password is used only for accessing/mounting the volume,
and the key is only a starting value (ie. a "seed") for the underlying
cipher.
You can use a passphrase or a keyfile with cryptsetup LUKS.
This key is applied to a key derivation function which derives an
intermediate key which is used for decrypting a key slot which contains
the actual master-key for decrypting your volume.
This key slot or "lock box" concept opens the possibility that several
key files or passphrases may unlock the volume.
The material which is needed for decrypting the device is located in the
LUKS header. See FAQ.

Since in these cases usually a blockwise operating cipher is used,
that means that the file will be encrypted of course blockwise,
for example in blocks of 32 bytes.
Yes, almost.
dm-crypt uses a sector size of (correct me if i'm wrong) 512 Byte which
means that every sector of 512 Byte gets en/decrypted independently.
The encryption of each sector is parameterized by an initialization
vector which may be influenced by the logical number of the sector.

Now the question: are the blocks of that file all encrypted using the
same one key? Or does a kind of "streaming" or HMAC get used for the
subsequent blocks of the file?
Well yes and no.
Yes, the same key is used for all sectors of the volume and no, dm-crypt
does not use HMAC to generate key streams.

Hmm. IMO this is the major weak point of such static/symmetric crypto solutions.
Knowing just one cleartext file, for example a well known static
system file from the /etc directory, and its encrpted data, could
easily lead to the master key (assuming the encrypted volume
contains such system files).

OTOH, a streaming crypto solution (I think also called 'asymmetric'),
ie. where each block gets encrypted with a new key derived from
the previous/initial key together with xoring with varying parts
of the user data in the block, would IMO make up a much more secure crypto solution.

Just imagine: if you'd like to access the last sector of your volume
you'd have to generate the whole key stream which would probably take a
long time.

Yes, true, but I think this problem could be somehow solved.


cheers
   Ralf

--
cu
Uenal


_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt




[Index of Archives]     [Device Mapper Devel]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux