Re: [PATCH] Delete cryptoloop

From: Jari Ruusu
Date: Sun Jul 25 2004 - 12:25:45 EST

Next message: Kronos: "[2.6.8-rc2][XFS] Page allocation failure"
Previous message: Rutger Nijlunsing: "Re: is it really better speedstep-ich vs. p4-clockmod cpufreq driver?"
In reply to: Andreas Jellinghaus: "Re: [PATCH] Delete cryptoloop"
Next in thread: Fruhwirth Clemens: "Re: [PATCH] Delete cryptoloop"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Fruhwirth Clemens wrote:
> On Sun, 2004-07-25 at 13:42, Jari Ruusu wrote:
> > Fruhwirth Clemens wrote:
> > > Second, modern ciphers like Twofish || AES are designed to resist
> > > known-plaintext attacks. This is basically the FUD spread by Jari Rusuu.
> >
> > Ciphers are good, but both cryptoloop and dm-crypt use ciphers in insecure
> > and exploitable way.
> >
> > This is not FUD. Fruhwirth, did you even try run the exploit code?
> >
> > http://marc.theaimsgroup.com/?l=linux-kernel&m=107719798631935&w=2
>
> There is no use in running your code. It does not decipher any block
> without the proper key.

So you never ran that. That explains a lot.

> Where is the exploit?

wget -O cryptoloop-exploit.tar.bz2 "http://marc.theaimsgroup.com/?l=linux-kernel&m=107719798631935&q=p3";

> Further the link you provide in the posting above is broken (as you
> already noticed). I tried at google cache, citeseer and the rest of
> Saarien's homepage. No success.

In short: exploit encodes watermark patterns as sequences of identical
ciphertexts.

> > Can you name implementation that your "key-truncated" version is compatible
> > with that existed _before_ your version appeared?. To my knowledge, that
> > key-truncated version is only compatible with itself, and there is no other
> > version that does the same.
>
> Actually there is a version: util-linux 2.12 official. But
> unfortunately, the official version truncates binary keys (at 0x00, 0x0a
> values), that's what my patch is for. cryptsetup handles keys the same
> way. So migration is easy, something which does not hold true for your
> strange util-linux patches.

Actually loop-AES' util-linux patch can used in mainline util-linux-2.12
compatible mode. Just specify passphrase hash type as unhashed2

But I was talking about your rmd160 compatibity with ancient mount versions
that used 160 bits of hash output + 96 zero bits. Last time I looked at your
compatibility code it used 128 bits of hash and 128 bits of zeroes.

--
Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Kronos: "[2.6.8-rc2][XFS] Page allocation failure"
Previous message: Rutger Nijlunsing: "Re: is it really better speedstep-ich vs. p4-clockmod cpufreq driver?"
In reply to: Andreas Jellinghaus: "Re: [PATCH] Delete cryptoloop"
Next in thread: Fruhwirth Clemens: "Re: [PATCH] Delete cryptoloop"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]