[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Distinguishability of encrypted partition

To: linux-crypto@xxxxxxxxxxxx
Subject: Re: Distinguishability of encrypted partition
From: Florian Reitmeir <fr@xxxxxxxxx>
Date: Mon, 19 Jun 2006 13:27:27 +0200
In-reply-to: <20060619080338.97301.qmail@web54004.mail.yahoo.com>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-id: <linux-crypto.nl.linux.org>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-software: Ecartis version 1.0.0
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
Mail-followup-to: linux-crypto@nl.linux.org
References: <Pine.NEB.4.64.0606141803410.956@vaio.testbed.de> <20060619080338.97301.qmail@web54004.mail.yahoo.com>
Sender: linux-crypto-bounce@xxxxxxxxxxxx
User-agent: Mutt/1.5.11

Hi,

On Mon, 19 Jun 2006, Phil H wrote:
> Thanks for the replies - only just saw them since my yahoo bulk folder is so full of junk.

> I suppose I was thinking of watermark-type attacks, showing there actually is a filesystem in that randomness (my understanding is that v3.x loop-aes should be immune to these?), or some type of mathematical investigation designed to show the partition has not been recently overwritten by shred or somesuch but has a suspicious form of "randomness" (if such an investigation exists that is). 

i'cant help it, but i think the discussion about possible watermark attempts
on are disk useless.

Watermark attempts has to assume the cipher/modes you use... 

Normally there is enough evidence on a PC/Laptop that there is Crypto..
somewhere is a kernel with initrd, and normally such a pc asks for a password
after boot.

Not to mention the rest of the computer hardware, like the SMART-disk log
which counts nicely how mant houres the drive was used, how many errors
happend, and maybe makes some read/write stats.

Much more interessting would it be to work on support for PKCS#11 USB tokens
to get rid of the user-password. Only a minority boot from an crypto disk, so a
trojan or "other" software can easily sniff your password (with X11 this is
really very simple).

> So my initial assumption was probably correct - it's the extraneous factors (fstab,  having encryption software, etc) that probably remain the practical indicators.

> Christian Kujau <evil@xxxxxxxxxx> wrote: On Wed, 14 Jun 2006, Florian Reitmeir wrote:
> > "The" evils have much simpler ways to "crack" your security, a common
> > way (rumors) is, that
> >
> > - "they" grab all your computer staff
> > - see its encrypted
> 
> s/see/assume/  ...as they can't be sure and probably won't hire a 
> cryptoexpert to prove this, methinks.
> 
> > - return the computer
> > - ... with an keylogger, small on the mainboard/keyboard/usb-bus/...
> > - then, come about 2 weeks/months later again
> 
> there we go again: triple-aes-1024 won't help if the cryptosystem is lame

-- 
Florian Reitmeir

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

Follow-Ups:
- Re: Re: Distinguishability of encrypted partition
  - From: Peter_22

References:
- Re: Distinguishability of encrypted partition
  - From: Christian Kujau
- Re: Distinguishability of encrypted partition
  - From: Phil H

Prev by Date: Re: Distinguishability of encrypted partition
Next by Date: Re: Re: Distinguishability of encrypted partition
Previous by thread: Re: Distinguishability of encrypted partition
Next by thread: Re: Re: Distinguishability of encrypted partition
Index(es):
- Date
- Thread