From: Andi Kleen <ak@suse.de>
To: Jari Ruusu <jariruusu@users.sourceforge.net>
Cc: mahalcro@us.ibm.com, linux-kernel@vger.kernel.org
Subject: Re: Encrypted Filesystem
Date: Tue, 27 Jan 2004 19:44:57 +0100 [thread overview]
Message-ID: <20040127194457.5f4cf3c9.ak@suse.de> (raw)
In-Reply-To: <4016AB1F.9EF8F42@users.sourceforge.net>
On Tue, 27 Jan 2004 20:17:03 +0200
Jari Ruusu <jariruusu@users.sourceforge.net> wrote:
> > The biggest shortcomming in crypto loop is that you cannot change the
> > password easily. Doing so would require reencryption of the whole
> > volume and it is hard to do so in a crash safe way (or you risk loss
> > of the volume when the machine crashes during reencryption)
>
> Not true with loop-AES where changing password is either:
[...] My version of the loop tools also do all this correctly too. But the loop
most people seem to be using is as insecure as always. Congratulations
that you fixed it too.
Still considering the other points I think a stacked file system would
be far better (integrated meta data, separate keys for different files etc.)
Even though I invested quite some work into fixing loop I still think it's a bad
hack, not a real design.
> > The standard crypto loop uses
> > fixed IVs too which do not help against this.
>
> Not true. Mainline uses simple sector IV. SuSE twofish uses fixed IV which
> is even more vulnerable than mainline.
It's as as vunerable, but more stable. The mainline IVs are basically useless
for security purposes but broke on disk format compatibility all the time when
someone misguided decided again to "improve" the IV format in loop.c (happened far too
often in the past). In my own loop tools I used them with an hashed IV, added some
hacks for different IV versions as far as they were fixable and grumbingly converted
the disk format in one case.
[... encrypted swap using a random key for each session...]
Good point. I didn't think of that. Still it's a lot of overhead if you
only use crypto occassionally. With the tainted bit it would be possible to only encrypt
pages of processes that have been tainted or better not page them out at all.
-Andi
next prev parent reply other threads:[~2004-01-27 18:45 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <OFA97B290B.67DE842E-ON87256E27.0061728C-86256E27.0061BB0E@us.ibm.com.suse.lists.linux.kernel>
2004-01-27 16:13 ` Encrypted Filesystem Andi Kleen
2004-01-27 18:17 ` Jari Ruusu
2004-01-27 18:44 ` Andi Kleen [this message]
[not found] <16405.24299.945548.174085@laputa.namesys.com>
2004-01-26 19:02 ` Hans Reiser
2004-01-27 18:56 ` Edward Shishkin
2004-01-27 21:25 ` Michael Halcrow
2004-01-27 21:51 ` Hans Reiser
2004-01-26 17:46 Michael A Halcrow
2004-01-26 19:06 ` Mark Borgerding
2004-01-26 21:04 ` Felipe Alfaro Solana
2004-01-30 17:01 ` Pavel Machek
2004-01-27 0:06 ` jw schultz
2004-01-27 0:43 ` Adam Sampson
2004-01-27 1:42 ` Andy Isaacson
2004-01-27 22:01 ` Jan Harkes
2004-01-27 22:16 ` Jean-Luc Cooke
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20040127194457.5f4cf3c9.ak@suse.de \
--to=ak@suse.de \
--cc=jariruusu@users.sourceforge.net \
--cc=linux-kernel@vger.kernel.org \
--cc=mahalcro@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox