Re: Keyfile Support for GRUBs LUKS - Vladimir 'φ-coder/phcoder' Serbinenko

grub-devel.gnu.org archive mirror
 help / color / mirror / Atom feed

From: "Vladimir 'φ-coder/phcoder' Serbinenko" <phcoder@gmail.com>
To: The development of GNU GRUB <grub-devel@gnu.org>
Subject: Re: Keyfile Support for GRUBs LUKS
Date: Wed, 20 Nov 2013 06:48:40 +0100	[thread overview]
Message-ID: <528C4D38.7050607@gmail.com> (raw)
In-Reply-To: <20131119234312.3e95e55e@crass-Ideapad-Z570>

[-- Attachment #1: Type: text/plain, Size: 594 bytes --]

On 20.11.2013 06:43, Glenn Washburn wrote:
> Modifying the cipher text just
> manifests as random data corruption of the plain text device, again not
> a security issue and nothing that signatures would prevent.
It's a security threat. Imagine you have somewhere a routine which
verifies SSH-key when connecting by network. Replace it with random
data. With some significant probability this decodes to valid opcodes
but which do no check. Now everyone can use your SSH.
encryption provides secrecy. Signatures provide verification. Using one
to achieve the other will always fail.


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 291 bytes --]

next prev parent reply	other threads:[~2013-11-20  5:49 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-11-19 23:43 Keyfile Support for GRUBs LUKS Ralf Ramsauer
2013-11-20  1:31 ` Glenn Washburn
2013-11-20  1:55   ` Elliott Mitchell
2013-11-20  5:43     ` Glenn Washburn
2013-11-20  5:48       ` Vladimir 'φ-coder/phcoder' Serbinenko [this message]
2013-11-20  7:02         ` Glenn Washburn
2013-11-20  7:36           ` Vladimir 'φ-coder/phcoder' Serbinenko
2013-11-21  5:57             ` Glenn Washburn
2013-11-25 10:38             ` Darren J Moffat
2013-11-20  6:42       ` Elliott Mitchell
2013-11-20  6:52         ` Vladimir 'φ-coder/phcoder' Serbinenko
2013-11-20 21:08         ` Glenn Washburn
2013-11-21 15:31 ` Vladimir 'phcoder' Serbinenko
2013-11-21 19:34   ` Ralf Ramsauer
2013-11-22  3:01     ` Vladimir 'φ-coder/phcoder' Serbinenko

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=528C4D38.7050607@gmail.com \
    --to=phcoder@gmail.com \
    --cc=grub-devel@gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).