From: Alex Elsayed <eternaleye@gmail.com>
To: linux-btrfs@vger.kernel.org
Subject: Re: [RFC PATCH] Btrfs: add sha256 checksum option
Date: Mon, 01 Dec 2014 17:32:56 -0800 [thread overview]
Message-ID: <m5j4s9$jfj$2@ger.gmane.org> (raw)
In-Reply-To: m5j4e6$jfj$1@ger.gmane.org
Alex Elsayed wrote:
> Christoph Anton Mitterer wrote:
>
>> On Mon, 2014-12-01 at 16:43 -0800, Alex Elsayed wrote:
>>> including that MAC-then-encrypt is fragile
>>> against a number of attacks, mainly in the padding-oracle category (See:
>>> TLS BEAST attack).
>> Well but here we talk about disk encryption... how would the MtE oracle
>> problems apply to that? Either you're already in the system, i.e. beyond
>> disk encryption (and can measure any timing difference)... or you're
>> not, but then you cannot measure anything.
>
> Arguable. On a system with sufficiently little noise in the signal (say...
> systemd, on SSD, etc) you could possibly get some real information from
> corrupting padding on a relatively long extent used early in the boot
> process, by measuring how it affects time-to-boot.
To make this more concrete:
Alice owns the computer, and has root. /etc/shadow has the correct
permissions.
Eve has _an_ account, but does not have root - and she wants it.
For simplicity, let's presume this is a laptop, Alice and Eve are sisters,
and Eve wants to peek at Alice's diary.
Eve can boot into a livecd, selectively corrupt blocks, and get Alice to
unlock the drive for a normal boot.
With this, she can execute the padding oracle attack against /etc/shadow,
and deduce its contents.
The first rule of crypto is "Don't roll your own" largely because it is
_brutally_ unforgiving of minor mistakes.
next prev parent reply other threads:[~2014-12-02 1:33 UTC|newest]
Thread overview: 67+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-11-24 5:23 [RFC PATCH] Btrfs: add sha256 checksum option Liu Bo
2014-11-24 5:23 ` [RFC PATCH] Btrfs-progs: support sha256 checksum algorithm Liu Bo
2014-11-24 8:23 ` [RFC PATCH] Btrfs: add sha256 checksum option Holger Hoffstätte
2014-11-24 18:55 ` Duncan
2014-11-24 19:34 ` John Williams
2014-11-25 10:30 ` Liu Bo
2014-11-25 10:52 ` Daniel Cegiełka
2014-11-25 23:17 ` John Williams
2014-11-26 12:50 ` Holger Hoffstätte
2014-11-26 17:53 ` John Williams
2014-11-25 10:28 ` Liu Bo
2014-11-24 20:07 ` Chris Mason
2014-11-24 20:58 ` Hugo Mills
2014-11-25 3:04 ` Qu Wenruo
2014-11-25 5:13 ` Zygo Blaxell
2014-11-25 11:30 ` Liu Bo
2014-11-26 13:36 ` Brendan Hide
2014-11-25 16:47 ` David Sterba
2014-11-25 19:45 ` Bardur Arantsson
2014-11-26 13:38 ` Brendan Hide
2014-11-26 13:58 ` Austin S Hemmelgarn
2014-12-01 18:37 ` David Sterba
2014-12-01 20:35 ` Austin S Hemmelgarn
2014-12-01 20:51 ` John Williams
2014-12-01 23:23 ` Alex Elsayed
2014-12-15 18:47 ` David Sterba
2014-11-25 16:39 ` David Sterba
2014-11-27 3:52 ` Liu Bo
2014-12-01 18:51 ` David Sterba
2014-11-29 20:38 ` Alex Elsayed
2014-11-29 21:00 ` John Williams
2014-11-29 21:07 ` Alex Elsayed
2014-11-29 21:21 ` John Williams
2014-11-29 21:27 ` Alex Elsayed
2014-12-01 12:39 ` Austin S Hemmelgarn
2014-12-01 17:22 ` John Williams
2014-12-01 17:42 ` Austin S Hemmelgarn
2014-12-01 17:49 ` John Williams
2014-12-01 19:28 ` Alex Elsayed
2014-12-01 19:34 ` Alex Elsayed
2014-12-01 20:26 ` Austin S Hemmelgarn
2014-12-01 19:58 ` John Williams
2014-12-01 20:04 ` Alex Elsayed
2014-12-01 20:08 ` Alex Elsayed
2014-12-01 20:46 ` John Williams
2014-12-01 22:56 ` Alex Elsayed
2014-12-01 23:05 ` Alex Elsayed
2014-12-01 23:37 ` John Williams
2014-12-01 23:46 ` Alex Elsayed
2014-12-02 0:03 ` John Williams
2014-12-02 0:15 ` Alex Elsayed
2014-12-02 0:30 ` John Williams
2014-12-02 0:34 ` Alex Elsayed
2014-12-02 0:11 ` John Williams
2014-12-01 23:48 ` John Williams
2014-12-02 0:06 ` Alex Elsayed
2014-12-02 0:10 ` Alex Elsayed
2014-12-02 0:16 ` John Williams
2014-12-02 0:28 ` Christoph Anton Mitterer
2014-12-02 0:43 ` Alex Elsayed
2014-12-02 0:53 ` Christoph Anton Mitterer
2014-12-02 1:25 ` Alex Elsayed
2014-12-02 1:32 ` Alex Elsayed [this message]
2014-11-30 22:51 ` Christoph Anton Mitterer
2014-11-30 22:59 ` Christoph Anton Mitterer
2014-11-30 23:05 ` Dimitri John Ledkov
2014-12-01 2:55 ` Christoph Anton Mitterer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='m5j4s9$jfj$2@ger.gmane.org' \
--to=eternaleye@gmail.com \
--cc=linux-btrfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.