[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Announce loop-AES-v3.0b file/swap crypto package

To: linux-crypto@xxxxxxxxxxxx
Subject: Re: Announce loop-AES-v3.0b file/swap crypto package
From: Paul Wayper <paul.wayper@xxxxxxxxxx>
Date: Thu, 20 Jan 2005 10:43:32 +1100
In-reply-to: <41EDB92F.9070001@off.net>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-id: <linux-crypto.nl.linux.org>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-software: Ecartis version 1.0.0
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
Organization: Australian National University
References: <41EAE36F.35354DDF@users.sourceforge.net> <41EB3E7E.7070100@tmr.com> <41EBD4D4.882B94D@users.sourceforge.net> <1105989298.14565.36.camel@ghanima> <20050117212647.GA3754@dantooine> <1106003492.17182.17.camel@ghanima> <41ECDBA9.8030005@off.net> <41ED2CF4.C6E4FC0B@users.sourceforge.net> <41EDB92F.9070001@off.net>
Sender: linux-crypto-bounce@xxxxxxxxxxxx
User-agent: Mozilla Thunderbird 0.9 (X11/20041113)

jerome etienne wrote:

Jari Ruusu wrote:
jerome etienne wrote:
3 years ago i published a paper describing how an attacker would be able to modify the content of the encrypted device without being detected. http://off.net/~jme/loopdev_vul.html
i was just curious about the current state of loop-aes. Is it still
vulnerable to this attack ?
so loopaes is still vulnerable to this 3-years old attack... but one minute before answering my email, you complained to somebody else that "Refusing to fix it for *years* counts as intentional backdoor." funny no :)

The one who isn't funny is you. This is all very tedious, meaningless pointscoring on an issue which is, actually, not very interesting to (I'd say) a lot of us on the list. I'm not partisan in this, I've just had to put up with you and Fruhwirth stirring up trouble for a couple of days and I'd like you to stop.

Though I'm not an expert on the code nor have I read through all the previous arguments, I'd say that your '3-year old attack' is not an attack on the loop-AES package nor something that patching it can fix. Otherwise, presumably, you'd have submitted a fix for it like a good Open Source Citizen. Since you don't seem to have done this, I can only assume you're just stirring up trouble. It sounds to me like your attack would work equally well on other crypto packages that don't guard the kernel and its tools from intruders.

I'm not interested in replies, since I don't want to waste any more time listening to this kind of one-upmanship.

Paul

--
-- Paul Wayper at ANU - +61 2 6125 0643


-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

Follow-Ups:
- Re: Announce loop-AES-v3.0b file/swap crypto package
  - From: jerome etienne

References:
- Announce loop-AES-v3.0b file/swap crypto package
  - From: Jari Ruusu
- Re: Announce loop-AES-v3.0b file/swap crypto package
  - From: Bill Davidsen
- Re: Announce loop-AES-v3.0b file/swap crypto package
  - From: Jari Ruusu
- Re: Announce loop-AES-v3.0b file/swap crypto package
  - From: Fruhwirth Clemens
- Re: Announce loop-AES-v3.0b file/swap crypto package
  - From: markus reichelt
- Re: Announce loop-AES-v3.0b file/swap crypto package
  - From: Fruhwirth Clemens
- Re: Announce loop-AES-v3.0b file/swap crypto package
  - From: jerome etienne
- Re: Announce loop-AES-v3.0b file/swap crypto package
  - From: Jari Ruusu
- Re: Announce loop-AES-v3.0b file/swap crypto package
  - From: jerome etienne

Prev by Date: Re: Announce loop-AES-v3.0b file/swap crypto package
Next by Date: Re: Announce loop-AES-v3.0b file/swap crypto package
Previous by thread: Re: Announce loop-AES-v3.0b file/swap crypto package
Next by thread: Re: Announce loop-AES-v3.0b file/swap crypto package
Index(es):
- Date
- Thread