public inbox for linux-kernel@vger.kernel.org
From: Fruhwirth Clemens <clemens-dated-1091536908.31f8@endorphin.org>
To: James Morris <jmorris@redhat.com>,
	Christophe Saout <christophe@saout.de>
Cc: Andrew Morton <akpm@osdl.org>, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] Delete cryptoloop
Date: Sat, 24 Jul 2004 14:41:46 +0200
Message-ID: <1090672906.8587.66.camel@ghanima>
In-Reply-To: <Pine.LNX.4.58.0407211609230.19655@devserv.devel.redhat.com>


On Wed, 2004-07-21 at 22:16, James Morris wrote:
> This patch deletes cryptoloop, which is buggy, unmaintained, and
> reportedly has multiple security weaknesses. Dropping cryptoloop should
> also help dm-crypt receive more testing and review.

Short version:
Remove cryptoloop || mark as deprecated.

Long version:
First, dm-crypt and cryptoloop share the same on-disk format. There is
absolutely no security gain by switching to dm-crypt.

Second, modern ciphers like Twofish || AES are designed to resist
known-plaintext attacks. This is basically the FUD spread by Jari Ruusu.
But, due to a recent discussion on sci.crypt, I have been convinced that
there is in fact a security gain by obscuring the IV. To be precise, if
an attacker is able to find two identical cipher blocks on disk, he will
be able to deduce the plain text difference. The chance p that two
blocks are equal is p=1/2^128 for 128 bit block ciphers. If one of these
blocks happens to be zero this is quite bad. The chance that there are
no identical cipher blocks on a disk is given by p^(n(n-1)/2) with n =
number of sectors on disk. Anyone with a little bit of math intuition can
see that this term approaches 0 quite quickly. So it is likely that some
information is revealed.

This situation will not be cured by switching to dm-crypt, since
dm-crypt suffers from the same kind of problem. Although personally, I
neglect this security threat. 

However, I do recommend that cryptoloop is removed from the kernel || is
declared deprecated for the following reasons:

- There is no suitable user space tool ready to use it. util-linux has
been broken ever since. My key-trunc-fix patch has to be applied to make
any use of losetup. Further, I'm not going to submit patches to this
project to fix user space problems (see below).

- I'm not going to submit patches to cure the security problems of
cryptoloop pointed out in the first few paragraphs.

- dm-crypt is a stable alternative and can easily be migrated to with
the help of my little lotracker tool:
http://clemens.endorphin.org/lo-tracker

So much for cryptoloop.

I'd like to point out that in most cases the key deduction scheme is
more likely to be the weakest component in a hard disk encryption setup.
For those interested: http://clemens.endorphin.org/TKS1-draft.pdf points
to the problems connected with HD encryption. This paper is the
groundwork for my Linux Unified Key Setup project
http://clemens.endorphin.org/LUKS. Here, you will find patches for
cryptsetup (the losetup equivalent to losetup). I'm working with
Christophe Saout to integrate LUKS into cryptsetup in the near future.

Regards,
-- 
Fruhwirth Clemens <clemens@endorphin.org>  http://clemens.endorphin.org
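
The "two identical cipher blocks on disk" argument in the message above, worked through as an added example. This is not code from the post, from cryptoloop or from dm-crypt; it assumes a 16-bit toy Feistel cipher (chosen so that collisions are guaranteed by the pigeonhole principle once more than 2^16 blocks are encrypted), one CBC chain starting from a known IV (as with the plain sector-number IV both drivers use), and constructed random plaintext. The attacker side sees only IV and ciphertext; the block also computes the birthday figures, using (1-p)^(n(n-1)/2) with p = 2^-bits as the probability of no collision, so the same numbers can be read off for a 128-bit cipher and a terabyte of blocks.

```python
"""Added example: the 'two identical ciphertext blocks' leak under CBC.

Not code from the original post, cryptoloop or dm-crypt.  Assumptions:
a 16-bit toy Feistel cipher (collisions are guaranteed by the pigeonhole
principle once more than 2^16 blocks are encrypted), and one CBC chain that
starts from a known IV, as with the plain sector-number IV the post discusses.
"""
import hashlib
import math
import random

BLOCK_BITS = 16                     # toy size; real ciphers use 128
HALF = BLOCK_BITS // 2
HALF_MASK = (1 << HALF) - 1
ROUNDS = 4


def _round(key: bytes, rnd: int, half: int) -> int:
    """Keyed round function: truncated SHA-256 of (key, round, half)."""
    h = hashlib.sha256(key + bytes([rnd]) + half.to_bytes(2, "big")).digest()
    return int.from_bytes(h[:2], "big") & HALF_MASK


def encrypt_block(key: bytes, block: int) -> int:
    """Feistel network: a bijection on 16-bit blocks for any round function."""
    left, right = block >> HALF, block & HALF_MASK
    for rnd in range(ROUNDS):
        left, right = right, left ^ _round(key, rnd, right)
    return (left << HALF) | right


def decrypt_block(key: bytes, block: int) -> int:
    left, right = block >> HALF, block & HALF_MASK
    for rnd in reversed(range(ROUNDS)):
        left, right = right ^ _round(key, rnd, left), left
    return (left << HALF) | right


def cbc_encrypt(key: bytes, iv: int, plain: list) -> list:
    """Plain CBC: C_i = E(P_i ^ C_{i-1}), with C_{-1} = iv."""
    out, prev = [], iv
    for p in plain:
        prev = encrypt_block(key, p ^ prev)
        out.append(prev)
    return out


def find_leaks(iv: int, cipher: list) -> list:
    """Attacker side: no key, only the IV and the ciphertext.

    C_i == C_j  =>  D(C_i) == D(C_j)  =>  P_i ^ C_{i-1} == P_j ^ C_{j-1}
                =>  P_i ^ P_j == C_{i-1} ^ C_{j-1}      (C_{-1} is the IV)
    Returns (i, j, P_i ^ P_j) for every repeated ciphertext block.  If P_i
    happens to be known (e.g. an all-zero block), P_j is recovered outright.
    """
    prev = [iv] + cipher[:-1]
    first_seen, leaks = {}, []
    for j, c in enumerate(cipher):
        if c in first_seen:
            i = first_seen[c]
            leaks.append((i, j, prev[i] ^ prev[j]))
        else:
            first_seen[c] = j
    return leaks


def demo(n_blocks: int = 70000, seed: int = 1):
    """Encrypt constructed random data, then verify the attacker's deductions."""
    rng = random.Random(seed)
    key = bytes(rng.getrandbits(8) for _ in range(16))
    iv = 0                                   # sector 0 under a plain sector IV
    plain = [rng.getrandbits(BLOCK_BITS) for _ in range(n_blocks)]
    cipher = cbc_encrypt(key, iv, plain)
    # sanity check of the toy cipher: CBC decryption round-trips
    assert [decrypt_block(key, c) ^ p for c, p in zip(cipher, [iv] + cipher[:-1])] == plain
    leaks = find_leaks(iv, cipher)
    correct = all(plain[i] ^ plain[j] == diff for i, j, diff in leaks)
    return len(leaks), correct


def expected_colliding_pairs(n_blocks: int, block_bits: int) -> float:
    """Birthday estimate: n(n-1)/2 pairs, each equal with probability 2^-bits."""
    return n_blocks * (n_blocks - 1) / 2 / 2.0 ** block_bits


def prob_no_collision(n_blocks: int, block_bits: int) -> float:
    """(1 - p)^(n(n-1)/2) with p = 2^-bits, treating the pairs as independent."""
    pairs = n_blocks * (n_blocks - 1) // 2
    return math.exp(pairs * math.log1p(-(2.0 ** -block_bits)))


if __name__ == "__main__":
    n, ok = demo()
    print(f"toy 16-bit cipher: {n} colliding pairs, XOR leak verified: {ok}")
    tb = 2 ** 36                               # 1 TiB of 16-byte blocks
    print("128-bit cipher, 1 TiB:",
          f"expected colliding pairs {expected_colliding_pairs(tb, 128):.3g},",
          f"P(no collision) {prob_no_collision(tb, 128):.17g}")
```

The toy block size is only there to make the collision observable in a second of CPU time; the deduction in `find_leaks` is the same for a 128-bit cipher, and `expected_colliding_pairs` and `prob_no_collision` give the figures for whichever block size and disk size you plug in.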

