Re: Key derivation and passprhase wrapping

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Tyler Hicks <tyhicks@canonical.com>
To: Wiebe Cazemier <wiebe@halfgaar.net>
Cc: ecryptfs@vger.kernel.org
Subject: Re: Key derivation and passprhase wrapping
Date: Tue, 19 Jan 2016 21:05:57 -0600	[thread overview]
Message-ID: <20160120030556.GC5623@boyd> (raw)
In-Reply-To: <676716416.231851.1453112857325.JavaMail.zimbra@halfgaar.net>

[-- Attachment #1: Type: text/plain, Size: 2378 bytes --]

On 2016-01-18 11:27:37, Wiebe Cazemier wrote:
> Hi, 
> 
> I was looking at the ecryptfs source code, and saw that the actual
> encryption key inserted into the kernel keyring is the *original*
> wrapped passphrase, SHA512'ed 65536 times. Why is a user-given
> passphrase encrypted as key, and not data from /dev/random?

This assumes that the mount.ecryptfs helper is used and not the
mount.ecryptfs_private helper.

mount.ecryptfs does key stretching (SHA512 * 65536) on a user-provided
passphrase and uses that as the file encryption key encryption key
(FEKEK). This keeps things simple so that the only thing a user needs to
access their encrypted files is the passphrase. There's no chance of
losing track of a file containing a wrapped FEKEK that is randomly
generated. However, mount.ecryptfs could be extended to make use of
wrapped, randomly generated FEKEK which would provide a more secure
option.

> I unwrapped the passphrase on my Linux Mint system and saw it is
> actually a random string, so the Ubuntu/Mint installer took care of it
> for me. But why is that responsibility given to the user / outside
> world?

All of the logic that set up that random FEKEK is in upstream
ecryptfs-utils. The confusion is probably caused by the unfortunate
split between the mount.ecryptfs and mount.ecryptfs_private helpers.

> One of the problems is that I can't change it. Had I made a
> ecryptfs archive myself and wrapped 'hello' as passphrase, that weak
> key will be used and cannot be changed by rewrapping.
> 
> Would it be possible/feasible to do something like:
> 
> * generate random encryption key A for insertion into kernel keyring.
> * derive encryption key B from password with 'generate_passphrase_sig(...)' to encrypt key A.
> * In v2 wrapped passphrase file, Octets 26-N1, store encrypted A, instead of encrypted passphrase.

I'm not following the intent here. You're wanting to change the FEKEK
that the Ubuntu/Mint installer generated?

Tyler

> 
> Depending on how it's implemented, it could even be done completely backwards compatible (by ignoring the to-wrap passphrase).
> 
> Regards,
> 
> Wiebe
> --
> To unsubscribe from this list: send the line "unsubscribe ecryptfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

next prev parent reply	other threads:[~2016-01-20  3:06 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <794484591.224591.1452104561446.JavaMail.zimbra@halfgaar.net>
2016-01-18 10:27 ` Key derivation and passprhase wrapping Wiebe Cazemier
2016-01-20  3:05   ` Tyler Hicks [this message]
2016-01-20 19:51     ` Wiebe Cazemier
2016-01-20 20:03       ` Wiebe Cazemier
2016-01-29 22:57         ` Tyler Hicks

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20160120030556.GC5623@boyd \
    --to=tyhicks@canonical.com \
    --cc=ecryptfs@vger.kernel.org \
    --cc=wiebe@halfgaar.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.