Alexander Skwar wrote:

>Pupeno wrote:
>
>>On Wednesday 27 July 2005 20:54, Luigi Pinna wrote:
>>
>>>I use the dm-crypt from the kernel....
>>>
>>I've read that it is unsecure
>>
>Where? And how is it insecure?
>

Some history:

The original crypto-loop from 2.4 is very susceptible to watermark
attacks, where the attacker can write known data to the disk, and look
at the encrypted results, and then calculate the key from the two.
Actually, the attacker doesn't even need to write data to the disk if he
can make a good guess at what a particular block already contains, such
as with filesystem superblocks.

Dm-crypt has some protection against this by using the sector number of
the disk as an IV (initial vector) for the hash. This makes the attack
more difficult, but not impossible, because the sector number is very
predictable.

loop-AES can provide much more secure protection against watermark
attacks in 'multi-key mode' by using a set of 64 keys that are rotated
for the encryption. So an attacker must crack 64 keys, instead of just 1.

So dm-crypt today provides the same level of security as loop-AES in
single key mode, which as I already stated in a previous email, should
be sufficient for most people. However, you did ask how it was
insecure! :-)

-Richard

--
gentoo-user@g.o mailing list
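
Added example, not part of Richard's message and not dm-crypt or loop-AES code: a sketch of why a predictable sector-number IV still leaves a recognisable pattern on disk, while an IV derived from a secret does not. It assumes CBC chaining and 512-byte sectors, uses a toy SHA-256 Feistel permutation as a stand-in for AES and an HMAC-derived IV as a simplification of keyed schemes such as ESSIV; all function names and sample values are constructed for the illustration.

```python
import hashlib
import hmac

BLOCK, SECTOR = 16, 512  # cipher block and disk sector sizes in bytes

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def toy_encrypt_block(key, block):
    """4-round Feistel permutation from SHA-256: a stand-in for AES, not a real cipher."""
    left, right = block[:8], block[8:]
    for i in range(4):
        f = hashlib.sha256(key + bytes([i]) + right).digest()[:8]
        left, right = right, xor(left, f)
    return left + right

def iv_plain(key, sector):
    """Public IV: the sector number, zero padded (the scheme the message describes)."""
    return sector.to_bytes(BLOCK, "little")

def iv_secret(key, sector):
    """Keyed IV (assumption: HMAC here, simplifying the idea behind ESSIV)."""
    salt = hashlib.sha256(key).digest()
    return hmac.new(salt, sector.to_bytes(8, "little"), hashlib.sha256).digest()[:BLOCK]

def encrypt_sector(key, sector, data, iv_fn):
    """CBC over one sector, chaining from the per-sector IV."""
    prev, out = iv_fn(key, sector), b""
    for off in range(0, len(data), BLOCK):
        prev = toy_encrypt_block(key, xor(data[off:off + BLOCK], prev))
        out += prev
    return out

def marked_sector(sector):
    """Constructed plaintext: first block equals the public IV, so the XOR cancels to zeros."""
    return iv_plain(b"", sector) + b"W" * (SECTOR - BLOCK)

def leaks_watermark(key, iv_fn, sectors=(10, 11, 12)):
    """True if the marked sectors encrypt to identical ciphertext, visible without the key."""
    return len({encrypt_sector(key, s, marked_sector(s), iv_fn) for s in sectors}) == 1

if __name__ == "__main__":
    key = b"constructed demo key"
    print("sector-number IV leaks:", leaks_watermark(key, iv_plain))
    print("keyed IV leaks:", leaks_watermark(key, iv_secret))
```

Ordinary data that does not depend on the sector number still encrypts differently in each sector under the sector-number IV; the repeated ciphertext appears only when the plaintext is shaped around the predictable IV.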