Re: Cryptoloop patch for builtin default passphrase

From: Bill Davidsen
Date: Wed Oct 27 2004 - 15:12:58 EST

Next message: Danny Brow: "SSH and 2.6.9"
Previous message: Kendall Bennett: "Re: [Linux-fbdev-devel] Re: Generic VESA framebuffer driver and Video card BOOT?"
In reply to: Nico Augustijn: "Re: Cryptoloop patch for builtin default passphrase"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Nico Augustijn wrote:

On Tue, Oct 26, 2004 at 08:17:53AM +0200, Jan Engelhardt wrote:

This here patch will make the kernel use a default passphrase (compiled

into

the kernel or cryptoloop.ko module) when you set up a cryptoloop device

with:

Suppose I break in via ssh:
I could load the module (if applicable), and find the address of the
function or variable in System.map, extract the static passphrase, and
well. Then?

Ahem.
The point you are making is rather moot. Because if you manage to get a
shell on the system, the data can readily be copied because the encrypted
filesystem is supposed to be mounted.
Unless I miss your point.

And once you are in the system there are easier ways to obtain the
passphrase than the one you described above. As I clearly stated earlier,
it is merely more difficult to obtain the encrypted data. It is _not_
impossible. It took me approximately 4 hours to break into the system
myself. I bet there's people around who can do it in less than 1 hour.

Some of you might then ask: "What's the point of it then anyway?"
Well, I am probably capable of creating a much better solution with almost
unbreakable encryption. My boss just won't allow me the time for this.
This patch took me about a day to write. It's the best I could come up
with in such a short time.

And this provides another level of protection, which makes it useful. It stops the casual thief who steals your laptop, and that's the most likely exposure. If you expect you system to be secure against government agencies or serious industrial espionage, this is pretty much worthless, better crypto would be needed, encrypted swap, etc.

--
-bill davidsen (davidsen@xxxxxxx)
"The secret to procrastination is to put things off until the
last possible moment - but no longer" -me
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Danny Brow: "SSH and 2.6.9"
Previous message: Kendall Bennett: "Re: [Linux-fbdev-devel] Re: Generic VESA framebuffer driver and Video card BOOT?"
In reply to: Nico Augustijn: "Re: Cryptoloop patch for builtin default passphrase"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]