From: Pavel Machek <pavel@suse.cz>
To: Andrea Arcangeli <andrea@novell.com>
Cc: Nigel Cunningham <ncunningham@linuxmail.org>,
Alan Cox <alan@lxorguk.ukuu.org.uk>,
Chris Wright <chrisw@osdl.org>, Jeff Garzik <jgarzik@pobox.com>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Andrew Morton <akpm@osdl.org>
Subject: Re: mlock(1)
Date: Thu, 30 Sep 2004 20:54:47 +0200 [thread overview]
Message-ID: <20040930185447.GC475@openzaurus.ucw.cz> (raw)
In-Reply-To: <20040930174244.GL22008@dualathlon.random>
Hi!
> > > > There must be some way of being able to check the password is correct
> > > > without compromising security by encrypting static text and storing it
> > > > at a known location! Darned if I know what it is though.
> > >
> > > good point! Maybe we can pick random signed chars in a 4k block and
> > > guarantee their sum is always -123456. Would that be secure against
> > > plaintext attack right? It's more like a checksum than a magic number,
> > > but it should be a lot more secure than the "double" typo probability
> > > (and this way the password will be asked only once during resume).
> > > Generating those random numbers will not be the easiest thing though.
> >
> > Actually, better solution probably is to encrypt 32-bit zero.
> >
> > Then, you have 1:2^32 probability of accepting wrong password, still
> > if you try to brute-force it, you'll find many possible passwords.
>
> this is just the first step an attacker needs to rule out all the
> impossible passwords and extend the crack to the other known bits. I
> don't think it's secure. My suggestion OTOH sounds completely secure
> (though much harder to implement).
Actually if your cipher is not resistant to known plaintext attack,
you have other problems anyway. There's a lot of nearly-lnown data
(like name of process with pid 1) that single 32bit zero is no problem.
So I'm not compromising anything...
Pavel
--
64 bytes from 195.113.31.123: icmp_seq=28 ttl=51 time=448769.1 ms
next prev parent reply other threads:[~2004-09-30 19:10 UTC|newest]
Thread overview: 71+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-09-24 19:57 mlock(1) Jeff Garzik
2004-09-24 20:15 ` mlock(1) Neil Horman
2004-09-24 20:21 ` mlock(1) Neil Horman
2004-09-24 20:31 ` mlock(1) Lee Revell
2004-09-24 20:33 ` mlock(1) Jeff Garzik
2004-09-24 20:39 ` mlock(1) Lee Revell
2004-09-24 20:22 ` mlock(1) Chris Wright
2004-09-24 20:41 ` mlock(1) Chris Friesen
2004-09-24 20:46 ` mlock(1) Chris Wright
2004-09-24 20:54 ` mlock(1) Chris Friesen
2004-09-24 20:59 ` mlock(1) Chris Wright
2004-09-24 22:48 ` mlock(1) Ryan Cumming
2004-09-24 21:07 ` mlock(1) Alan Cox
2004-09-24 22:19 ` mlock(1) Chris Wright
2004-09-24 22:30 ` mlock(1) Jeff Garzik
2004-09-24 23:08 ` mlock(1) Chris Wright
2004-09-24 22:59 ` mlock(1) Andrea Arcangeli
2004-09-24 23:46 ` mlock(1) Nigel Cunningham
2004-09-25 1:07 ` mlock(1) Andrea Arcangeli
2004-09-25 1:21 ` mlock(1) David Lang
2004-09-25 1:30 ` mlock(1) Andrea Arcangeli
2004-09-25 1:46 ` mlock(1) Valdis.Kletnieks
2004-09-25 2:15 ` mlock(1) Andrea Arcangeli
2004-09-25 2:46 ` mlock(1) Valdis.Kletnieks
2004-09-25 2:58 ` mlock(1) Andrea Arcangeli
2004-09-25 3:29 ` mlock(1) Valdis.Kletnieks
2004-09-25 4:07 ` mlock(1) Andrea Arcangeli
2004-09-25 4:52 ` mlock(1) Valdis.Kletnieks
2004-09-25 17:15 ` mlock(1) Andy Lutomirski
2004-09-25 2:33 ` mlock(1) Bernd Eckenfels
2004-09-25 1:27 ` mlock(1) Andrea Arcangeli
2004-09-28 22:03 ` mlock(1) Robert White
2004-09-28 22:15 ` mlock(1) Andrea Arcangeli
2004-09-28 23:26 ` mlock(1) Robert White
2004-09-29 1:16 ` mlock(1) Jon Masters
2004-09-29 1:23 ` mlock(1) Alan Cox
2004-09-29 3:46 ` mlock(1) Robert White
2004-09-29 12:34 ` mlock(1) Jon Masters
2004-09-29 15:57 ` mlock(1) Lee Revell
2004-09-29 22:56 ` mlock(1) Paul Jackson
2004-09-25 12:21 ` mlock(1) Nigel Cunningham
2004-09-25 14:53 ` mlock(1) Andrea Arcangeli
2004-09-28 8:48 ` mlock(1) Pavel Machek
2004-09-30 17:42 ` mlock(1) Andrea Arcangeli
2004-09-30 18:54 ` Pavel Machek [this message]
2004-09-30 19:17 ` mlock(1) Andrea Arcangeli
2004-09-30 19:52 ` mlock(1) Pavel Machek
2004-10-04 12:21 ` mlock(1) Jack Lloyd
2004-09-24 23:59 ` mlock(1) Bernd Eckenfels
2004-09-25 0:25 ` mlock(1) Nigel Cunningham
2004-09-25 1:18 ` mlock(1) Andrea Arcangeli
2004-09-27 6:16 ` mlock(1) Stefan Seyfried
2004-09-27 10:32 ` mlock(1) Nigel Cunningham
2004-09-27 14:29 ` mlock(1) Andrea Arcangeli
2004-09-27 20:32 ` mlock(1) Wolfgang Walter
2004-09-27 14:16 ` mlock(1) Andrea Arcangeli
2004-09-27 13:31 ` mlock(1) Alan Cox
2004-09-29 1:48 ` mlock(1) Andrea Arcangeli
2004-09-27 14:34 ` mlock(1) Stefan Seyfried
2004-09-27 15:07 ` mlock(1) Andrea Arcangeli
2004-09-27 15:25 ` mlock(1) Stefan Seyfried
2004-09-27 15:38 ` mlock(1) Andrea Arcangeli
2004-09-30 13:04 ` mlock(1) Pavel Machek
2004-09-27 22:22 ` mlock(1) Nigel Cunningham
2004-09-27 22:43 ` mlock(1) Andrea Arcangeli
2004-09-28 22:03 ` mlock(1) Nigel Cunningham
2004-09-24 20:24 ` mlock(1) Chris Friesen
2004-09-24 21:17 ` mlock(1) Andrew Morton
2004-09-25 0:26 ` mlock(1) Chris Wright
2004-09-25 1:28 ` mlock(1) Andrew Morton
2004-09-25 1:33 ` mlock(1) Chris Wright
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20040930185447.GC475@openzaurus.ucw.cz \
--to=pavel@suse.cz \
--cc=akpm@osdl.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=andrea@novell.com \
--cc=chrisw@osdl.org \
--cc=jgarzik@pobox.com \
--cc=linux-kernel@vger.kernel.org \
--cc=ncunningham@linuxmail.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox