dm-crypt and gpg
Hi All,

I've been reading a lot of information regarding dm-crypt and cryptoloop
vulnerability to known-plaintext and watermark attacks. I was wondering
if the following dm-crypt setup method would solve the known-plaintext
attack:

1. Encryption key generation and encryption using GPG:

    head -c 32 /dev/urandom > secure.key
    gpg -c --cipher-algo AES256 secure.key

2. Secure volume creation using dm-crypt:

    /usr/bin/gpg -q --cipher-algo AES256 --decrypt secure.key.gpg | \
    /usr/local/bin/cryptsetup create secure_dev /dev/hdaX

The secure volume could then be mounted with:

    /bin/mount /dev/mapper/secure_dev /mnt/secure

You could still compute a dictionary for a known-plaintext attack but
being that the keylength is 256-bit and the key is essentially random
(assuming good entropy from /dev/urandom) then the dictionary would be
infeasibly large (perhaps even for a government organisation).

Questions:

1. Are there any problems with this method (apart from the danger of
losing 'secure.key.gpg')?
2. What are the consequences of a section of the encrypted volume being
corrupted? Does dm-crypt use CBC or is each block encrypted individually
resulting in only localised data loss through corruption?
3. Is it safe to use XFS with this setup?
4. I don't believe it does solve a watermark attack - what work-arounds
would solve this?

Kind Regards,
Andrew
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/