CFS vs. loopback encryption (was Re: [open-source] File encryption)

Ian Goldberg ian at cypherpunks.ca
Tue Feb 12 09:37:09 EST 2002


On Mon, 2002-02-11 at 20:55, Jerome Etienne wrote:
> For information, I released a text which describes a security hole in
> the encrypted loop device for linux. Because of it an
> attacker is able to modify the content of the encrypted device
> without being detected. This text proposes to fix the hole by
> authenticating the device.
> 
> The text can be found at http://www.off.net/~jme/loopdev_vul.html

I'm not sure I believe that that's the right threat model.  If an
attacker can modify your encrypted device and return it to you without
your knowledge, surely he could more easily just patch your losetup to
record your passphrase, or replace AES with the identity transform,
or something more fundamental like that?

Once the attacker gets root or physical control over your device, I'd be
hard-pressed to consider it part of your TCB any more.

That being said, if your encrypted device *isn't* part of your TCB,
you do have a good point.  If you make an encrypted filesystem out of
an NFS-mounted file, say (I'm not sure this is actually possible),
or a removable disk, then what you point out is really important.

Many people use an encrypted filesystem in case the machine is lost or
stolen; once the machine transitions from being in your TCB to out of
it, I don't think it can come back in very easily.

   - Ian

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com


