RE: DES and IDEA in the kernel _very_ broken! (was: DES code in the kernel)

Phillip (
Tue, 23 Jul 1996 05:43:06 +0000 (GMT)


Uh, Just a tought, but WHEN the des key problem gets fixed, how would one
change the key (from 000...) ?

On Thu, 18 Jul 1996, Ray Van Tassle-CRV004 wrote:

> In article <>,
> Kernel Mailing List <> wrote:
> >
> >
> >I recently desired to set up an encrypted file system in a file via the
> >loop device. I downloaded the package des.1.tar.gz and followed the
> >instructions for installing it in my 2.0.0 kernel including touching the
> >files mentioned (des.c and des.h) problem is it doesn't compilein, I took
> >a look back at des.c and saw that it did not have a des.o file after
> >building so I added des.o to the list of object files to link into
> >kernel.o in the kernel dirctories Makefile. This time remaking the kernel
> >generated a .o file in that directory however attempting to execute
> >something like:
> >
> >losetup -e des /dev/loop0 test
> >on a 1 meg file called test full of nulls gives:
> >Password:
> >Init (up to 16 hex digits):
> >ioctl: LOOP_SET_STATUS: Invalid argument
> >#
> >
> >i enter the password and initialization digits but no banana. The same
> >procedure without -e des works (of course the file system is not block
> >ciphered like I'd like it)
> >
> >
> >
> The DES and IDEA code available now is very, very broken. The DES code
> in the kernel ignores your key and always uses a key of all 0 bits
> (which is a weak key in DES, to boot). It also uses the weak PCBC
> mode. The IDEA code uses ECB mode (which gives away patterns in the file),
> and the code in mount that creates the password only uses the _first byte_
> of your entered password.
> I've made fixes to DES and IDEA so that they use CBC mode, with IV based on
> the block number. I've also fixed mount so that it uses SHA1 to create
> the actual encryption keys from your pass phrase. This morning, I got
> steganography working (hide a filesystem in the low bits of an audio file).
> However, I'm still getting very odd problems when I try to layer an
> encrypted filesystem over a stego filesystem (hide an encrypted filesystem
> in the low bits of an audio file). I'll keep looking at that.
> It's _very_ important that this gets fixed in the kernel soon. People who
> are using the current DES code and think they're getting security are just
> wrong.
> - Ian

- --------------------------------------------------------------------------------
"A power so great, it can only be used for Good or Evil!"
-- Firesign Theatre, "The Giant Rat of Summatra"

- --------------------------- -----------------------------------

Version: 2.6.2