On Fri, 2006-11-17 at 09:48 -0500, Jeff Layton wrote:
> On Fri, 2006-11-17 at 07:24 -0700, Matthew Wilcox wrote:
> > I *think* the xor mask is mere obfuscation. It looks likely that you can
> > recover it with a little bit of trial and error. If you can force the
> > filesystem to hand you back new inodes quickly such that there is a high
> > probability you get consecutive allocations, you'll get a sequence which
> > would be spaced 700-odd bytes apart, except that it's been xored. Since
> > you know it's incrementing, if you see the sequence decrease, you'll
> > know that was a 1 in that bit.
>
> I think you're right, the addresses would often be sequential, so this
> is probably crackable.

Wouldn't you only be able to crack a few of the low-order bits due to a
cluster of inodes being sequential? I don't think you'd be able to crack
enough of it to be useful. You may be able to determine where some
inodes are relative to others, but I don't think you'd be able to point
to their location in memory.

I don't know anything about crypto, so I could be wrong.

> I'll look over the md5 routines when I get the
> chance, though if someone more cryptographically inclined than I has a
> different suggestion, I'd love to hear it.
>
> -- Jeff

Shaggy
--
David Kleikamp
IBM Linux Technology Center
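As an added illustration, not code from this thread or from the patch under discussion: a Python simulation over constructed addresses showing which bits of a fixed XOR mask an increasing sequence gives away. The 704-byte spacing (the thread only says "700-odd"), strictly consecutive allocation, the 64-bit width and all function names are assumptions.

```python
import random

STRIDE = 704   # assumed spacing; the thread only says "700-odd bytes"
BITS = 64      # assumed pointer width


def observe(base, mask, count, stride=STRIDE):
    """Constructed sample: consecutive addresses, each XORed with one fixed mask."""
    return [(base + i * stride) ^ mask for i in range(count)]


def recover_mask_bits(observed):
    """Return {bit position: mask bit} for every bit the sequence reveals.

    For neighbours a < b, (a ^ mask) ^ (b ^ mask) == a ^ b, so the mask
    cancels out. The highest set bit k of that value is the highest bit in
    which a and b differ; since a < b, a holds 0 there and b holds 1.
    Bit k of the first observation is therefore 0 ^ mask_k == mask_k.
    """
    known = {}
    for first, second in zip(observed, observed[1:]):
        diff = first ^ second
        if diff == 0:
            continue  # identical values carry no information
        k = diff.bit_length() - 1
        known[k] = (first >> k) & 1
    return known


def demo(count=64, seed=1):
    """Run the recovery on a constructed base and mask; report what was learned."""
    rng = random.Random(seed)
    mask = rng.getrandbits(BITS)
    base = rng.getrandbits(40) & ~0x3F  # constructed, 64-byte aligned
    known = recover_mask_bits(observe(base, mask, count))
    correct = all(((mask >> k) & 1) == bit for k, bit in known.items())
    return sorted(known), correct


if __name__ == "__main__":
    positions, correct = demo()
    print("mask bits learned at positions:", positions)
    print("all learned bits match the real mask:", correct)
    print("bits still unknown:", BITS - len(positions))
```

Only positions that are the highest differing bit of some neighbouring pair are learned; with this spacing none fall below bit 9, and the remaining bits are not determined by this relation alone.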