A weak cryptoloop implementation in Linux?
Posted Jan 22, 2004 13:29 UTC (Thu) by ballombe
In reply to: A weak cryptoloop implementation in Linux?
Parent article: A weak cryptoloop implementation in Linux?
[ I agree it is not a backdoor since it requires a dictionnary attack. ]
> Secondly, this does nothing at all for the attacker who wants to crack a
> single encrypted filesystem.
That's not true. This weakness allows to precompute the table without
more knowledge of the targeted system. At this point, the part of
the exploit that require access to the crypto-loop device can be carried
out very quickly.
The second problem: if someone is able to have a quick access to the
device, he just need to read a known plain-text sector. With that
knowledge he can try a dictionnary attack to recover the password without
Suppose you keep password-less SSH keys on a crypto-loop on a USB stick:
with the attack above, the crypto-loop will be broken in before you notice
the USB stick was stolen so you may not have time to disabled them before
they get used.
to post comments)