RE: DES and IDEA in the kernel _very_ broken! (was: DES code in the kernel)

Phillip (root@adam.sp.org)
Tue, 23 Jul 1996 05:43:06 +0000 (GMT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: root: "Re: Subject: Re: 2.0 vs 1.2 and INN config."
Previous message: Matthew X Economou: "Using a terminal device as console."
In reply to: Hubert A. Bahr: "Stablilizing execution time?"

-----BEGIN PGP SIGNED MESSAGE-----

Uh, Just a tought, but WHEN the des key problem gets fixed, how would one
change the key (from 000...) ?

On Thu, 18 Jul 1996, Ray Van Tassle-CRV004 wrote:

> In article <Pine.LNX.3.93.960715113812.8471A-100000@paranoid.cdrom.com>,
> Kernel Mailing List <kernel@paranoid.cdrom.com> wrote:
> >
> >
> >I recently desired to set up an encrypted file system in a file via the
> >loop device. I downloaded the package des.1.tar.gz and followed the
> >instructions for installing it in my 2.0.0 kernel including touching the
> >files mentioned (des.c and des.h) problem is it doesn't compilein, I took
> >a look back at des.c and saw that it did not have a des.o file after
> >building so I added des.o to the list of object files to link into
> >kernel.o in the kernel dirctories Makefile. This time remaking the kernel
> >generated a .o file in that directory however attempting to execute
> >something like:
> >
> >losetup -e des /dev/loop0 test
> >on a 1 meg file called test full of nulls gives:
> >Password:
> >Init (up to 16 hex digits):
> >ioctl: LOOP_SET_STATUS: Invalid argument
> >#
> >
> >i enter the password and initialization digits but no banana. The same
> >procedure without -e des works (of course the file system is not block
> >ciphered like I'd like it)
> >
> >
> >
>
> The DES and IDEA code available now is very, very broken. The DES code
> in the kernel ignores your key and always uses a key of all 0 bits
> (which is a weak key in DES, to boot). It also uses the weak PCBC
> mode. The IDEA code uses ECB mode (which gives away patterns in the file),
> and the code in mount that creates the password only uses the _first byte_
> of your entered password.
>
> I've made fixes to DES and IDEA so that they use CBC mode, with IV based on
> the block number. I've also fixed mount so that it uses SHA1 to create
> the actual encryption keys from your pass phrase. This morning, I got
> steganography working (hide a filesystem in the low bits of an audio file).
> However, I'm still getting very odd problems when I try to layer an
> encrypted filesystem over a stego filesystem (hide an encrypted filesystem
> in the low bits of an audio file). I'll keep looking at that.
>
> It's _very_ important that this gets fixed in the kernel soon. People who
> are using the current DES code and think they're getting security are just
> wrong.
>
> - Ian
> [25;1H[K

- --------------------------------------------------------------------------------
"A power so great, it can only be used for Good or Evil!"
-- Firesign Theatre, "The Giant Rat of Summatra"

- --------------------------- -----------------------------------
pj22298@xx.acs.appstate.edu http://xx.acs.appstate.edu/~pj22298

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMfRmdAxVIXeuPUw9AQH3qAf9E7Pku8wx4Qo9tzdy096UPOfU6h2tV2RI
OU1rZX0AE3RhZaAKc3+EH9a1IIOJpLUz/PwbXGto7oDqmriVBg4yV+8MRbDxeaMF
0qG9v2MoxkRUI8YLcHh8bP7eI8G6S0DxBDt4f93AkyPql/fMInzwedLXB7CrUz/a
cockbmHpfZGFDXO3ChCESO2kZr3AZFt9jC5Nnh0kCU3zsDsSe7uZlXEdu764j3FF
rrd19rPypGUC1RMt+B6YJf1uufsjcrpnJv5o+4xQFeR2+GbhbGrosYV5HNCVP/Dd
Z0FVTte/hZnsyaSC8LwzWdQCrWkX+zqWcz1gRaCesFJMBihAPv9eTA==
=3Tiq
-----END PGP SIGNATURE-----

Next message: root: "Re: Subject: Re: 2.0 vs 1.2 and INN config."
Previous message: Matthew X Economou: "Using a terminal device as console."
In reply to: Hubert A. Bahr: "Stablilizing execution time?"