[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Announce loop-AES-v3.0b file/swap crypto package

To: Jari Ruusu <jariruusu@xxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Announce loop-AES-v3.0b file/swap crypto package
From: jerome etienne <jme@xxxxxxx>
Date: Wed, 19 Jan 2005 01:34:39 +0000
Cc: linux-crypto@xxxxxxxxxxxx
In-reply-to: <41ED2CF4.C6E4FC0B@users.sourceforge.net>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-id: <linux-crypto.nl.linux.org>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-software: Ecartis version 1.0.0
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
References: <41EAE36F.35354DDF@users.sourceforge.net> <41EB3E7E.7070100@tmr.com> <41EBD4D4.882B94D@users.sourceforge.net> <1105989298.14565.36.camel@ghanima> <20050117212647.GA3754@dantooine> <1106003492.17182.17.camel@ghanima> <41ECDBA9.8030005@off.net> <41ED2CF4.C6E4FC0B@users.sourceforge.net>
Sender: linux-crypto-bounce@xxxxxxxxxxxx
User-agent: Mozilla Thunderbird 0.7.3 (X11/20040803)

Jari Ruusu wrote:

jerome etienne wrote:

3 years ago i published a paper describing how an attacker would be able
to modify the content of the encrypted device without being detected.
http://off.net/~jme/loopdev_vul.html

i was just curious about the current state of loop-aes. Is it still
vulnerable to this attack ?

so loopaes is still vulnerable to this 3-years old attack... but one minute before answering my email, you complained to somebody else that "Refusing to fix it for *years* counts as intentional backdoor." funny no :)

<joke> if the loop-aes users have the same logic than the loop-aes author, they should deduce that he intentionnally backdoored loop-aes. </joke>

i *obviously* dont believe it is true, it was just a funny bug.


Quote from loop-AES README file
"
Loop device encrypts data but does not authenticate ciphertext. In other
words, it delivers data privacy, but does not guarantee that data has not
been tampered with. Admins setting up encrypted file systems should ensure
that neither ciphertext, nor tools used to access ciphertext (kernel +
kernel modules, mount, losetup, and other utilities) can be trojaned or
tampered.
"

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

Follow-Ups:
- Re: Announce loop-AES-v3.0b file/swap crypto package
  - From: Paul Wayper
- Re: Announce loop-AES-v3.0b file/swap crypto package
  - From: Christian Kujau

References:
- Announce loop-AES-v3.0b file/swap crypto package
  - From: Jari Ruusu
- Re: Announce loop-AES-v3.0b file/swap crypto package
  - From: Bill Davidsen
- Re: Announce loop-AES-v3.0b file/swap crypto package
  - From: Jari Ruusu
- Re: Announce loop-AES-v3.0b file/swap crypto package
  - From: Fruhwirth Clemens
- Re: Announce loop-AES-v3.0b file/swap crypto package
  - From: markus reichelt
- Re: Announce loop-AES-v3.0b file/swap crypto package
  - From: Fruhwirth Clemens
- Re: Announce loop-AES-v3.0b file/swap crypto package
  - From: jerome etienne
- Re: Announce loop-AES-v3.0b file/swap crypto package
  - From: Jari Ruusu

Prev by Date: Re: Announce loop-AES-v3.0b file/swap crypto package
Next by Date: Re: Announce loop-AES-v3.0b file/swap crypto package
Previous by thread: Re: Announce loop-AES-v3.0b file/swap crypto package
Next by thread: Re: Announce loop-AES-v3.0b file/swap crypto package
Index(es):
- Date
- Thread