
A weak cryptoloop implementation in Linux?

Posted Jan 22, 2004 13:29 UTC (Thu) by ballombe (subscriber, #9523)
In reply to: A weak cryptoloop implementation in Linux? by ekj
Parent article: A weak cryptoloop implementation in Linux?

[ I agree it is not a backdoor since it requires a dictionary attack. ]

> Secondly, this does nothing at all for the attacker who wants to crack a
> single encrypted filesystem.

That's not true. This weakness allows the table to be precomputed without
more knowledge of the targeted system. At this point, the part of
the exploit that requires access to the crypto-loop device can be carried
out very quickly.

The second problem: if someone is able to have quick access to the
device, he just needs to read a known plain-text sector. With that
knowledge he can try a dictionary attack to recover the password without
more access.

Suppose you keep password-less SSH keys on a crypto-loop on a USB stick:
with the attack above, the crypto-loop will be broken into before you notice
the USB stick was stolen, so you may not have time to disable them before
they get used.


Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds