[10453] in cryptography@c2.net mail archive
Re: CFS vs. loopback encryption (was Re: [open-source] File
daemon@ATHENA.MIT.EDU (Ian Goldberg)
Tue Feb 12 15:51:49 2002
From: Ian Goldberg <ian@cypherpunks.ca>
To: jme@off.net
Cc: cryptography@wasabisystems.com, iang@abraham.cs.berkeley.edu,
ncb@pobox.com
In-Reply-To: <20020211205520.A854@long-haul.net>
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Date: 12 Feb 2002 09:37:09 -0500
Message-Id: <1013524629.31460.50.camel@janus.paip.net>
Mime-Version: 1.0
On Mon, 2002-02-11 at 20:55, Jerome Etienne wrote:
> for information, i released a text which describes a security hole in
> the encrypted loop device for linux. Because of it an
> attacker is able to modify the content of the encrypted device
> without being detected. This text proposes to fix the hole by
> authenticating the device.
>
> the text can be found in http://www.off.net/~jme/loopdev_vul.html
I'm not sure I believe that that's the right threat model. If an
attacker can modify your encrypted device and return it to you without
your knowledge, surely he could more easily just patch your losetup to
record your passphrase, or replace AES with the identity transform,
or something more fundamental like that?
Once the attacker gets root or physical control over your device, I'd be
hard-pressed to consider it part of your TCB any more.
That being said, if your encrypted device *isn't* part of your TCB,
you do have a good point. If you make an encrypted filesystem out of
an NFS-mounted file, say (I'm not sure this is actually possible),
or a removable disk, then what you point out is really important.
Many people use an encrypted filesystem in case the machine is lost or
stolen; once the machine transitions from being in your TCB to out of
it, I don't think it can come back in very easily.
- Ian
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
