Alexander Skwar wrote:
Pupeno wrote:
On Wednesday 27 July 2005 20:54, Luigi Pinna wrote:
I use the dm-crypt from the kernel....
I've read that it is unsecure
Where? And how is it insecure?
Some history:
The original crypto-loop from 2.4 is very susceptible to watermark
attacks, where the attacker can write known data to the disk, and look
at the encrypted results, and then calculate the key from the two.
Actually, the attacker doesn't even need to write data to the disk if he
can make a good guess at what a particular block already contains, such
as with filesystem superblocks.
Dm-crypt has some protection against this by using the sector number of
the disk as an IV (initial vector) for the hash. This makes the attack
more difficult, but not impossible, because the sector number is very
predictable.
loop-AES can provide much more secure protection against watermark
attacks in 'multi-key mode' by using a set of 64 keys that are rotated
for the encryption. So an attacker must crack 64 keys, instead of just 1.
So dm-crypt today provides the same level of security as loop-AES in
single key mode, which as I already stated in a previous email, should
be sufficient for most people. However, you did ask how it was
insecure! :-)
-Richard
--
gentoo-user@gentoo.org mailing list
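
Added example, not part of the original message or of any dm-crypt or loop-AES code: a check for whether an IV scheme lets known data written to several sectors show up as identical ciphertext, which is the predictability problem with a sector-number IV described above. Assumptions: CBC chaining inside each 512-byte sector, a toy Feistel permutation standing in for the real block cipher, and a hypothetical secret-derived IV (`keyed_iv`) included only for contrast; all function names are made up for this sketch.

```python
import hashlib
import hmac

BLOCK = 16  # cipher block size in bytes

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(key, block):
    """Toy 4-round Feistel permutation; a stand-in for AES (assumption)."""
    l, r = block[:8], block[8:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + r).digest()[:8]
        l, r = r, xor(l, f)
    return l + r

def plain_iv(key, sector):
    # IV is just the sector number: public, so anyone can predict it.
    return sector.to_bytes(BLOCK, "little")

def keyed_iv(key, sector):
    # Hypothetical contrast: IV depends on a secret as well as the sector.
    msg = sector.to_bytes(8, "little")
    return hmac.new(key, msg, hashlib.sha256).digest()[:BLOCK]

def encrypt_sector(key, sector, data, iv_fn):
    """CBC-encrypt one sector, starting the chain from iv_fn(key, sector)."""
    prev, out = iv_fn(key, sector), b""
    for i in range(0, len(data), BLOCK):
        prev = encrypt_block(key, xor(data[i:i + BLOCK], prev))
        out += prev
    return out

def watermark_sectors(marker, sectors, size=512):
    """Constructed known data: first block pre-XORed with the sector number."""
    return {s: xor(marker, plain_iv(b"", s)) + bytes(size - BLOCK)
            for s in sectors}

def leaks_watermark(key, iv_fn, sectors=(100, 101, 102)):
    """True if the known data encrypts identically in every sector."""
    data = watermark_sectors(b"WATERMARK-BLOCK!", sectors)
    seen = {encrypt_sector(key, s, d, iv_fn) for s, d in data.items()}
    return len(seen) == 1  # visible on disk without knowing the key

if __name__ == "__main__":
    key = b"k" * 16  # constructed sample key
    print("sector-number IV leaks:", leaks_watermark(key, plain_iv))
    print("secret-derived IV leaks:", leaks_watermark(key, keyed_iv))
```
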