From: /dev/ph0b0s <phobos@panopticism.net>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] Fwd: Practical malleability attack against CBC-Encrypted LUKS partitions
Date: Sun, 22 Dec 2013 18:07:24 -0500
Message-ID: <20131222230724.GA1991@phobos.panopticism.net>
In-Reply-To: <52B76261.9080408@gmail.com>

On 12/22, Milan Broz wrote:
> Below is very nice example of another "Evil maid" type attacks,
> here directly applied to LUKS CBC disks.
>
> I think it clearly shows known rule:
> If you let your machine out of your sight, it is no longer your machine.
>
> What is important (and blog mentions it)
>
> "It has already been known for a long time that CBC does not prevent
> a malleability attack (targeted manipulation of encrypted data) given
> that the attacker can modify the ciphertext and knows the corresponding
> plaintext as well."

Even more important, in this particular case, is that this "practical
malleability attack" isn't actually very practical at all:

    "In the following I assume that we already have access to the
    original plaintext and the ciphertext of one file on the system and
    that we want to do our manipulations in this file:"

There are a number of other assumptions and variables that must be "just right"
in order for this attack to have even a remote chance of working, e.g.:

    "This code can be executed from a Live CD against the encrypted
    partition of an Ubuntu 12.04 installation. The position of the
    /bin/dash file needs to be adjusted by doing a reference
    installation with the same disk layout on a sufficiently similar
    hardware."

> BTW blog doesn't mention that CBC is no longer default mode for cryptsetup
> and was replaced by XTS mode.

The original post to f-d [0] that you forwarded does mention this:

    "This code can be executed from a Live CD against the encrypted
    partition of an Ubuntu 12.04 installation. The position of the
    /bin/dash file needs to be adjusted by doing a reference
    installation with the same disk layout on a sufficiently similar
    hardware. [...] When choosing to encrypt the system with the Ubuntu
    12.10 installer, the encryption is set up with mode aes-xts-plain64,
    which is not vulnerable to this attack."

It's certainly interesting from a technical perspective but this is
simply not very feasible.

/p

[0]: http://archives.neohapsis.com/archives/fulldisclosure/2013-12/0187.html
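
The CBC property quoted in this thread, as an added example that is not part of the original message or of the referenced post: XORing (known plaintext ^ wanted plaintext) into ciphertext block i-1 rewrites plaintext block i without the key, and garbles block i-1. Assumptions: the Feistel cipher is a toy stand-in for AES (not secure), the data is one CBC chain, and all names and sample values are constructed.

```python
import hashlib, os
BLOCK = 16  # bytes, same block size as AES

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):  # round function of the toy Feistel cipher (NOT secure)
    return hashlib.sha256(key + bytes([i]) + half).digest()[:8]

def enc_block(key, blk):
    l, r = blk[:8], blk[8:]
    for i in range(4):
        l, r = r, xor(l, _f(key, i, r))
    return l + r

def dec_block(key, blk):
    l, r = blk[:8], blk[8:]
    for i in reversed(range(4)):
        l, r = xor(r, _f(key, i, l)), l
    return l + r

def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for i in range(0, len(pt), BLOCK):
        prev = enc_block(key, xor(pt[i:i + BLOCK], prev))  # C_i = E(P_i ^ C_{i-1})
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    blocks = [iv] + [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    # P_i = D(C_i) ^ C_{i-1}
    return b"".join(xor(dec_block(key, c), p) for p, c in zip(blocks, blocks[1:]))

def rewrite_block(ct, index, known, wanted):
    # No key used: XOR (known ^ wanted) into ciphertext block index-1 (index >= 1).
    start = (index - 1) * BLOCK
    delta = xor(known, wanted)
    return ct[:start] + xor(ct[start:start + BLOCK], delta) + ct[start + BLOCK:]

def demo():
    key, iv = os.urandom(16), os.urandom(16)  # constructed key and IV
    pt = b"block0-untouched" b"block1-sacrifice" b"block2-known-txt" b"block3-untouched"
    ct = cbc_encrypt(key, iv, pt)
    return pt, cbc_decrypt(key, iv, rewrite_block(ct, 2, pt[32:48], b"block2-REPLACED!"))

if __name__ == "__main__":
    pt, out = demo()
    for i in range(0, len(out), BLOCK):
        print(pt[i:i + BLOCK], "->", out[i:i + BLOCK])
```

Block 1 decrypts to garbage while block 2 becomes the chosen text, which is why the scenario discussed in the thread depends on knowing the exact plaintext and its position on disk.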