Ext4 encryption

Posted Apr 9, 2015 10:47 UTC (Thu) by Trou.fr (subscriber, #26289)
Parent article: Ext4 encryption

I am concerned that the proposal doesn't include authentication of encrypted data. Filesystems have way more flexibility than whole disk encryption scheme. While AES-GCM is not directly usable in such context, it can be adapted and used (as ZFS does : https://blogs.oracle.com/darren/entry/zfs_encryption_what...) to provide authentication.

Note that not authenticating data opens to pretty serious attacks : by (blindly) modifying binaries in a correct way, one can get root access to the system once booted.

So I guess this proposal needs more work before the devs commit to an on-disk format with such limitations.

Ext4 encryption

Posted Apr 9, 2015 22:17 UTC (Thu) by reubenhwk (guest, #75803) [Link]

I was wondering the same thing. Encryption is good, but using encryption wrong is very bad. It gives a false sense of security.

Without using some sort of Message Authentication Code (MAC), they may as well not use encryption at all.

Ext4 encryption

Posted Apr 10, 2015 22:08 UTC (Fri) by mhalcrow (guest, #17371) [Link]

The design and Jonathan's writeup both make the adversarial model for the current incarnation of this feature clear. When facilities are in place to allow us to implement encryption with integrity reliably and efficiently, we'll be able to incorporate that into what we've already built. We shouldn't hold up the existing functionality for the existing declared adversarial model in the meantime.