Re: [PATCH] Delete cryptoloop

From: Fruhwirth Clemens
Date: Sun Jul 25 2004 - 16:00:44 EST

Next message: Roger Luethi: "Re: LTT user input"
Previous message: Frederik Himpe: "Re: 2.6.7-ck5: System hangs under constant load"
In reply to: Marc Ballarin: "Re: [PATCH] Delete cryptoloop"
Next in thread: Jari Ruusu: "Re: [PATCH] Delete cryptoloop"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, 2004-07-25 at 21:44, Marc Ballarin wrote:
> Fruhwirth Clemens <clemens-dated-1091642568.f246 <at> endorphin.org> writes:
>
> >
> > Probably I'm missing the point, but at the moment this looks like a
> > chosen plain text attack. As you know for sure, this is trivial. For
> > instance, AES asserts to be secure against this kind of attack. (See the
> > author's definition of K-secure..).
>
> It assures against key revovery through chosen plain text attacks. As written
> before, the purpose of this attack is not to break encryption, but to prove
> the existence of a file *known to* and *prepared by* the attacker.

If an attacker has some means to put a file on the encrypted hard disk,
I'm not considering it a big breakthrough if he can find out the
position of that file. I'm sure this information can be gained by
forensic block access pattern analysis anyway.

> The exploit generates a rather simple bit pattern with a size of 1024 bytes.
> When this pattern - the watermark - is encrypted, dm-crypt's output has some
> special properties - independent of cipher or key size.
> For example, encoding nr. 1, always produces a cyphertext block, where bytes
> 0-15 are equal to bytes 512-523.

I'm starting to wonder why this is called an attack. The results of this
``attack'' can't be used in any way. In the worst case, a cipher
text/plain text pair can be obtained. I'm repeating it one more time:
ciphers are designed to resist further attacks steaming from known-plain
text attacks.

Have a look at
http://clemens.endorphin.org/OnTheProblemsOfCryptoloop . That's an
attack!

> On dm-crypt's mailing list, I have given a description how this can be refined
> easily to improve reliability of detection and determine a file's layout on
> the encrypted volume.

I'm sorry, I consider this useless information.

--
Fruhwirth Clemens <clemens@xxxxxxxxxxxxx> http://clemens.endorphin.org

Attachment: signature.asc
Description: This is a digitally signed message part

Next message: Roger Luethi: "Re: LTT user input"
Previous message: Frederik Himpe: "Re: 2.6.7-ck5: System hangs under constant load"
In reply to: Marc Ballarin: "Re: [PATCH] Delete cryptoloop"
Next in thread: Jari Ruusu: "Re: [PATCH] Delete cryptoloop"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]