From linux-crypto-bounce@nl.linux.org Mon Oct 03 00:06:03 2005
Message-ID: <43405965.10304@gmail.com>
Date: Sun, 02 Oct 2005 15:04:21 -0700
From: David <shadoweyez@gmail.com>
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.2b) Gecko/99999999999
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: linux crypto list <linux-crypto@nl.linux.org>
Subject: build-init.sh in loop-aes
X-Enigmail-Version: 0.92.1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Received-SPF: 
X-ecartis-version: Ecartis v1.0.0
Sender: linux-crypto-bounce@nl.linux.org
Errors-to: linux-crypto-bounce@nl.linux.org
X-original-sender: shadoweyez@gmail.com
Precedence: bulk
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
List-software: Ecartis version 1.0.0
List-Id: <linux-crypto.nl.linux.org>
X-List-ID: <linux-crypto.nl.linux.org>
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
X-list: linux-crypto

Hi all - a few questions about some options in the build-init.sh script
that comes with loop-aes.

When using a gpg key to encrypt the drive, do the following options
affect the security of the drive?

# Optional password seed for root partition
#PSEED="-S XXXXXX"

# Optional password iteration count for root partition
#ITERCOUNTK="-C 100"


Meaning, even with a gpg key, should I have a 10000 iteration count and
a strong (20+ chars, upper, lower, numbers, etc...) password, even
though this password is not the one I have with my key?  I want the
drive secure!

Thx,
David

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/



From linux-crypto-bounce@nl.linux.org Mon Oct 03 07:39:06 2005
Message-ID: <4340C3C5.851C8DFA@users.sourceforge.net>
Date: Mon, 03 Oct 2005 08:38:13 +0300
From: Jari Ruusu <jariruusu@users.sourceforge.net>
To: David <shadoweyez@gmail.com>
Cc: linux crypto list <linux-crypto@nl.linux.org>
Subject: Re: build-init.sh in loop-aes
References: <43405965.10304@gmail.com>

David wrote:
> Hi all - a few questions about some options in the build-init.sh script
> that comes with loop-aes.
> 
> When using a gpg key to encrypt the drive, do the following options
> affect the security of the drive?
> 
> # Optional password seed for root partition
> #PSEED="-S XXXXXX"
> 
> # Optional password iteration count for root partition
> #ITERCOUNTK="-C 100"
> 
> Meaning, even with a gpg key, should I have a 10000 iteration count and
> a strong (20+ chars, upper, lower, numbers, etc...) password, even
> though this password is not the one I have with my key?  I want the
> drive secure!

Those obsolete options have meaning only in single-key mode. They are there
for backward compatibility only.

gpg does good salted+iterated key setup. Changed private keyring passphrase,
or symmetrically encrypted key files encrypted using patched version of gpg
do even more iteration for better resistance against dictionary attacks.

In other words, you don't need above PSEED= and ITERCOUNTK= options.

-- 
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD
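
What "salted+iterated key setup" means in practice, as an added Python illustration that is not part of the original thread and is not gpg's or loop-AES's own code: it follows the iterated and salted string-to-key that OpenPGP defines (RFC 4880, section 3.7.1.3). SHA-1 as the hash, and the passphrase and salts in the demo, are constructed choices.

```python
import hashlib


def decode_count(coded: int) -> int:
    """Expand OpenPGP's one-octet coded count into a number of octets to hash."""
    if not 0 <= coded <= 255:
        raise ValueError("coded count must fit in one octet")
    return (16 + (coded & 15)) << ((coded >> 4) + 6)


def s2k_iterated_salted(passphrase: bytes, salt: bytes, coded_count: int,
                        key_len: int, hash_name: str = "sha1") -> bytes:
    """Iterated and salted S2K (specifier type 3) from RFC 4880."""
    if len(salt) != 8:
        raise ValueError("S2K salt is exactly 8 octets")
    unit = salt + passphrase
    # The count is a number of octets fed to the hash, not a number of rounds.
    # At least one full copy of salt+passphrase is hashed even if the count
    # is smaller than that.
    total = max(decode_count(coded_count), len(unit))
    reps, tail = divmod(total, len(unit))
    key = b""
    context = 0
    while len(key) < key_len:
        h = hashlib.new(hash_name)
        # When more key material is needed than one digest provides, context n
        # is preloaded with n zero octets so every context yields new output.
        h.update(b"\x00" * context)
        for _ in range(reps):
            h.update(unit)
        h.update(unit[:tail])
        key += h.digest()
        context += 1
    return key[:key_len]


def octets_hashed_per_guess(passphrase: bytes, coded_count: int) -> int:
    """Work a dictionary attacker repeats for every candidate passphrase."""
    return max(decode_count(coded_count), 8 + len(passphrase))


if __name__ == "__main__":
    passphrase = b"constructed sample passphrase"
    salt_a = bytes.fromhex("0001020304050607")   # constructed
    salt_b = bytes.fromhex("08090a0b0c0d0e0f")   # constructed
    for coded in (0, 96, 255):
        print(f"coded count {coded:3d} -> {decode_count(coded):>9d} octets hashed")
    # Same passphrase, different salt: unrelated keys, so a table of
    # precomputed passphrase hashes cannot be reused between key files.
    print(s2k_iterated_salted(passphrase, salt_a, 96, 16).hex())
    print(s2k_iterated_salted(passphrase, salt_b, 96, 16).hex())
```

The salt defeats precomputed dictionaries and the count multiplies the cost of each guess, which is the job PSEED= and ITERCOUNTK= did in single-key mode.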




From linux-crypto-bounce@nl.linux.org Wed Oct 05 22:49:08 2005
Message-ID: <4342EAAE.2050307@yahoo.dk>
Date: Tue, 04 Oct 2005 22:48:46 +0200
From: petersen <castrolkonto2@yahoo.dk>
To:  linux-crypto@nl.linux.org
Subject: Should disk write cache be disabled for any journalised filesystem?

Dear Jari,

In your README you write so:



2.2. Use of journaling file systems on loop device
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
... Device backed loop device can be used with journaling file systems
as device backed loops guarantee that writes reach disk platters in
order required by journaling file system (write caching must be disabled
on the disk drive, of course).
----------------------------


To my understanding, the danger is that the filesystem terminates an
operation and updates the journal. The harddisk write cache somehow
manages to write the updated journal info, but when about to write the
filedata themselves, power is lost.

Wouldn't that be a general problem with any journalised filesystem? If
so, as most OS'es nowadays have journalised filesystems, do the modern
harddisks have ways to prevent such problems, or does the harddisk
(filesystem?) driver implement some 'sync'-function before committing the
journal?



On another topic: shouldn't the KEYSCRUB option be enabled by default?




From linux-crypto-bounce@nl.linux.org Thu Oct 06 09:10:42 2005
Message-ID: <20051006070901.39020.qmail@web53904.mail.yahoo.com>
Date: Thu, 6 Oct 2005 09:09:01 +0200 (CEST)
From: Petersen <castrolkonto2@yahoo.dk>
Subject: SV: Re: Should disk write cache be disabled for any journalised filesystem?
To: David <shadoweyez@gmail.com>
Cc: linux-crypto@nl.linux.org
In-Reply-To: <43448BBE.2020809@gmail.com>

Perhaps I should clarify the question, I was thinking on journalising
filesystems (ext3) on nonencrypted drives as well, eg. shouldn't
_any_ ext3-user, also someone not using encryption, disable
write-cache? Or is this case different because you have:

ext3
  |
  v
loop
  |
  v
physical driver, /dev/hda

eg. an extra layer.

In the end it comes down to finding the risk of just using
write-cache anyway, with loop-aes and ext3, I mean, ext3 &
write-cache disk are probably what most people use today, and it
seems to me even in the write-cache enabled case, ext3 loses far less
data than ext2.


--- David <shadoweyez@gmail.com> wrote:

> I'm no expert in this, but as I understand it, when using a system like
> loop-aes write cache _should_ be disabled, for the timing issue you
> mentioned, so if you are using ext3 or reiser, disable write cache.  I
> use ext2 for my loop-aes drive, and for most things I do, I do not
> notice a difference in performance.
> 
> Keyscrub - I use it, but it's more of a sleep-well-at-night/bragging
> thing anyway.  Has anyone ever actually recovered an encryption key or
> password from looking at the oxidation layer that forms on a RAM stick,
> shortly after it has been in use?  I have read parts of that paper, but
> trying to recover data like that seems far fetched at best.
> 
> 
> petersen wrote:
> > Dear Jari,
> > 
> > In your README you write so:
> > 
> > 
> > 
> > 2.2. Use of journaling file systems on loop device
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > ... Device backed loop device can be used with journaling file systems
> > as device backed loops guarantee that writes reach disk platters in
> > order required by journaling file system (write caching must be disabled
> > on the disk drive, of course).
> > ----------------------------
> > 
> > 
> > To my understanding, the danger is that the filesystem terminates an
> > operation and updates the journal. The harddisk write cache somehow
> > manages to write the updated journal info, but when about to write the
> > filedata themselves, power is lost.
> > 
> > Wouldn't that be a general problem with any journalised filesystem? If
> > so, as most OS'es nowadays have journalised filesystems, do the modern
> > harddisks have ways to prevent such problems, or does the harddisk
> > (filesystem?) driver implement some 'sync'-function before committing the
> > journal?
> > 
> > 
> > 
> > On another topic: shouldn't the KEYSCRUB option be enabled by default?
> > 
> > -
> > Linux-crypto:  cryptography in and on the Linux system
> > Archive:       http://mail.nl.linux.org/linux-crypto/
> > 
> > 
> 


.                                               \ | / 
         o  O   OO                             - (_) -
            ___      ===========  ===========   / | \
      _U___|o|  ...  [ U U U U ]  [ U U U U ]        
      L______| [___] [_________]  [_________]
_______oo OOO__oo_oo__oo_____oo____oo_____oo_____




From linux-crypto-bounce@nl.linux.org Thu Oct 06 17:07:25 2005
Message-ID: <43453D1B.3DFF1824@users.sourceforge.net>
Date: Thu, 06 Oct 2005 18:04:59 +0300
From: Jari Ruusu <jariruusu@users.sourceforge.net>
To: petersen <castrolkonto2@yahoo.dk>
Cc: linux-crypto@nl.linux.org
Subject: Re: Should disk write cache be disabled for any journalised filesystem?
References: <4342EAAE.2050307@yahoo.dk>

petersen wrote:
> To my understanding, the danger is that the filesystem terminates an
> operation and updates the journal. The harddisk write cache somehow
> manages to write the updated journal info, but when about to write the
> filedata themselves, power is lost.

Yes, danger is in ordering of writes:
1) log intent of doing something dangerous
2) do dangerous operation
3) log dangerous operation completed

Write #2 or #3 must not hit disk platters before write #1, and write #3 must
not hit disk platters before write #2. If power is lost, journal replay on
next mount is able to fix partially completed operation.

The problem with enabled disk write cache is that the disk may say "write
complete" to kernel driver before the data hits disk platters, and after
that disk may re-order multiple pending writes.

> Wouldn't that be a general problem with any journalised filesystem?

Yes.

> If so, as most OS'es nowadays have journalised filesystems, do the
> modern harddisks have ways to prevent such problems, or does the harddisk
> (filesystem?) driver implement some 'sync'-function before committing the
> journal?

To get write ordering right, kernel driver must issue cache flush command to
the disk, or in case where cache flush command is not available, cache
disable + cache enable command sequence may also flush pending writes.
 
That is what block I/O write barriers do. 2.6 kernels now support them on
some block devices. Device backed loop-AES driver maintains correct write
order and supports write barriers if underlying device supports write
barriers. Mainline loop driver supports neither barriers nor correct
ordering of writes.

> Perhaps I should clarify the question, I was thinking on journalising
> filesystems (ext3) on nonencrypted drives as well, eg. shouldn't
> _any_ ext3-user, also someone not using encryption, disable
> write-cache? Or is this case different because you have:
> 
> ext3
>   |
>   v
> loop
>   |
>   v
> physical driver, /dev/hda

Same write cache problems and solutions apply to both device backed loop-AES
and to ext3 file system directly on partition. Journaling file system on
file backed loop is FUBAR on both mainline and loop-AES versions.

> In the end it comes down to finding the risk of just using
> write-cache anyway, with loop-aes and ext3, I mean, ext3 &
> write-cache disk are probably what most people use today, and it
> seems to me even in the write-cache enabled case, ext3 loses far less
> data than ext2.

If a box has any data that is worth something, it probably has an UPS. On
UPS powered boxes, it is best to leave disk write caches enabled.

> On another topic: shouldn't the KEYSCRUB option be enabled by default?

Maybe. Performance cost is less than 1%. Keyscrub version needs to allocate
about twice the amount of RAM to hold expanded encryption keys: 40 KB for
normal multi-key for each initialized device, 76 KB for keyscrub version.
Not everyone likes that.

-- 
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD
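
The three-step write ordering above, modelled as an added Python example (not from the original thread, and not code from loop-AES or ext3): a constructed two-block update is crashed at every point a reordering write cache allows, journal replay is run, and the result is checked, once with no cache flushes and once with a flush after write #1 and after write #2. The block names, values and replay logic are assumptions made for the model.

```python
from itertools import combinations

# Constructed model: move 100 units from block A to block B atomically.
INITIAL = {"J": None, "A": 100, "B": 0}
WRITES = [
    ("J", {"A": 0, "B": 100}),  # 0: write #1, log intent (journal holds new values)
    ("A", 0),                   # 1: write #2, in-place update of A
    ("B", 100),                 # 2: write #2, in-place update of B
    ("J", None),                # 3: write #3, log operation completed
]

# Each inner list is the set of writes the drive may hold in its cache at
# once; a cache flush (write barrier) separates one list from the next.
NO_FLUSH = [[0, 1, 2, 3]]
WITH_BARRIERS = [[0], [1, 2], [3]]


def crash_states(epochs):
    """Every set of writes that can be on the platters when power is lost."""
    states = set()
    durable = []
    for epoch in epochs:
        # Earlier epochs were flushed; any subset of the current one may have
        # reached the platters because the cache is free to reorder.
        for size in range(len(epoch) + 1):
            for subset in combinations(epoch, size):
                states.add(frozenset(durable) | frozenset(subset))
        durable.extend(epoch)
    return states


def platters_after(persisted):
    """Disk contents given which writes persisted."""
    disk = dict(INITIAL)
    for index in sorted(persisted):  # writes to the same block keep program order
        block, value = WRITES[index]
        disk[block] = value
    return disk


def replay_journal(disk):
    """Journal replay on next mount: redo a logged but uncompleted operation."""
    disk = dict(disk)
    if disk["J"] is not None:
        disk.update(disk["J"])
        disk["J"] = None
    return disk


def is_consistent(disk):
    """The transfer either happened completely or not at all."""
    return (disk["A"], disk["B"]) in {(100, 0), (0, 100)}


def audit(epochs):
    """Return (number of crash states, crash states that replay cannot fix)."""
    states = crash_states(epochs)
    bad = sorted(sorted(s) for s in states
                 if not is_consistent(replay_journal(platters_after(s))))
    return len(states), bad


if __name__ == "__main__":
    for name, epochs in (("cache on, no flush", NO_FLUSH),
                         ("flush after #1 and #2", WITH_BARRIERS)):
        total, bad = audit(epochs)
        print(f"{name}: {total} crash states, {len(bad)} unrecoverable {bad}")
```

Every unrecoverable state in the unflushed run is one where part of write #2 is on the platters while the intent record is missing or already cleared.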




From linux-crypto-bounce@nl.linux.org Thu Oct 06 17:41:04 2005
Message-ID: <20051006153937.89702.qmail@web53913.mail.yahoo.com>
Date: Thu, 6 Oct 2005 17:39:37 +0200 (CEST)
From: Petersen <castrolkonto2@yahoo.dk>
Subject: SV: Re: Should disk write cache be disabled for any journalised filesystem?
To: Jari Ruusu <jariruusu@users.sourceforge.net>
Cc: linux-crypto@nl.linux.org
In-Reply-To: <43453D1B.3DFF1824@users.sourceforge.net>


--- Jari Ruusu <jariruusu@users.sourceforge.net> wrote:

> petersen wrote:
> > To my understanding, the danger is that the filesystem terminates an
> > operation and updates the journal. The harddisk write cache somehow
> > manages to write the updated journal info, but when about to write the
> > filedata themselves, power is lost.
> 
> Yes, danger is in ordering of writes:
> 1) log intent of doing something dangerous
> 2) do dangerous operation
> 3) log dangerous operation completed
> 
> Write #2 or #3 must not hit disk platters before write #1, and write #3 must
> not hit disk platters before write #2. If power is lost, journal replay on
> next mount is able to fix partially completed operation.
> 
> The problem with enabled disk write cache is that the disk may say "write
> complete" to kernel driver before the data hits disk platters, and after
> that disk may re-order multiple pending writes.
> 
> > Wouldn't that be a general problem with any journalised filesystem?
> 
> Yes.
> 
> > If so, as most OS'es nowadays have journalised filesystems, do the
> > modern harddisks have ways to prevent such problems, or does the harddisk
> > (filesystem?) driver implement some 'sync'-function before committing the
> > journal?
> 
> To get write ordering right, kernel driver must issue cache flush command to
> the disk, or in case where cache flush command is not available, cache
> disable + cache enable command sequence may also flush pending writes.
>  
> That is what block I/O write barriers do. 2.6 kernels now support them on
> some block devices. Device backed loop-AES driver maintains correct write
> order and supports write barriers if underlying device supports write
> barriers. Mainline loop driver supports neither barriers nor correct
> ordering of writes.
> 

So baseline, must I prepare my kernel (use 2.6, select some option or
whatever) to use ext3 safely, encrypted or not? Does ext3/loop-aes
encryption increase risks compared to ext3/plain? If loop-aes
maintains write-order, then I suppose ext3/loop-aes and ext3/plain
have same risks.


> > Perhaps I should clarify the question, I was thinking on journalising
> > filesystems (ext3) on nonencrypted drives as well, eg. shouldn't
> > _any_ ext3-user, also someone not using encryption, disable
> > write-cache? Or is this case different because you have:
> > 
> > ext3
> >   |
> >   v
> > loop
> >   |
> >   v
> > physical driver, /dev/hda
> 
> Same write cache problems and solutions apply to both device backed loop-AES
> and to ext3 file system directly on partition. Journaling file system on
> file backed loop is FUBAR on both mainline and loop-AES versions.
> 
> > In the end it comes down to finding the risk of just using
> > write-cache anyway, with loop-aes and ext3, I mean, ext3 &
> > write-cache disk are probably what most people use today, and it
> > seems to me even in the write-cache enabled case, ext3 loses far less
> > data than ext2.
> 
> If a box has any data that is worth something, it probably has an UPS. On
> UPS powered boxes, it is best to leave disk write caches enabled.
> 
> > On another topic: shouldn't the KEYSCRUB option be enabled by default?
> 
> Maybe. Performance cost is less than 1%. Keyscrub version needs to allocate
> about twice the amount of RAM to hold expanded encryption keys: 40 KB for
> normal multi-key for each initialized device, 76 KB for keyscrub version.
> Not everyone likes that.
> 

KEYSCRUB=n could still be available for aficionados. However, I'd
really like to see someone recovering the key from 'wornout
ram-oxide'.

> -- 
> Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD
> 

.                                               \ | / 
         o  O   OO                             - (_) -
            ___      ===========  ===========   / | \
      _U___|o|  ...  [ U U U U ]  [ U U U U ]        
      L______| [___] [_________]  [_________]
_______oo OOO__oo_oo__oo_____oo____oo_____oo_____




From linux-crypto-bounce@nl.linux.org Thu Oct 06 19:00:26 2005
Message-ID: <434557D2.956B3C59@users.sourceforge.net>
Date: Thu, 06 Oct 2005 19:58:58 +0300
From: Jari Ruusu <jariruusu@users.sourceforge.net>
To: Petersen <castrolkonto2@yahoo.dk>
Cc: linux-crypto@nl.linux.org
Subject: Re: Should disk write cache be disabled for any journalised filesystem?
References: <20051006153937.89702.qmail@web53913.mail.yahoo.com>

Petersen wrote:
> So baseline, must I prepare my kernel (use 2.6, select some option or
> whatever) to use ext3 safely, encrypted or not?

Last time I checked, ext3 barrier mount required 'barrier=1' mount option
in /etc/fstab .

> Does ext3/loop-aes encryption increase risks compared to ext3/plain?

Device backed loop-AES does not increase write order related risk.

> If loop-aes maintains write-order, then I suppose ext3/loop-aes and
> ext3/plain have same risks.

Encrypted data has bigger data corruption risk on hardware failure. One bit
ciphertext read error will completely destroy one or more 16 byte plaintext
blocks, but errors still stay within same 512 byte sector where the one bit
error is.

> KEYSCRUB=n could still be available for aficionados. However, I'd
> really like to see someone recovering the key from 'wornout
> ram-oxide'.

If some three letter government agency is capable of doing that, they
probably stay mum about it.

I almost forgot: Anyone compiling loop-AES for Xen Linux, must not enable
KEYSCRUB=y for now. There is privilege related bug that prevents it from
running correctly on some versions of Xen.

-- 
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD
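
The corruption pattern described above, shown as an added Python example that is not from the original thread or from loop-AES: it assumes plain CBC chaining restarted with a fresh IV in every 512 byte sector, the simplest chaining consistent with that description, and swaps in a small SHA-256 based Feistel cipher for AES (the propagation comes from the chaining, not from the cipher). The key, IV derivation and sector contents are constructed.

```python
import hashlib

BLOCK, SECTOR, ROUNDS = 16, 512, 8


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def round_fn(key: bytes, rnd: int, half: bytes) -> bytes:
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]


def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Stand-in 16 byte block cipher (Feistel network), NOT AES."""
    left, right = block[:8], block[8:]
    for rnd in range(ROUNDS):
        left, right = right, xor(left, round_fn(key, rnd, right))
    return left + right


def decrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in reversed(range(ROUNDS)):
        left, right = xor(right, round_fn(key, rnd, left)), left
    return left + right


def sector_iv(key: bytes, sector_no: int) -> bytes:
    """Constructed per-sector IV; the real IV computation is not modelled."""
    return hashlib.sha256(b"iv" + key + sector_no.to_bytes(8, "little")).digest()[:BLOCK]


def cbc_encrypt_sector(key: bytes, sector_no: int, plain: bytes) -> bytes:
    if len(plain) != SECTOR:
        raise ValueError("a sector is exactly 512 bytes")
    prev, out = sector_iv(key, sector_no), []
    for i in range(0, SECTOR, BLOCK):
        prev = encrypt_block(key, xor(plain[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt_sector(key: bytes, sector_no: int, cipher: bytes) -> bytes:
    prev, out = sector_iv(key, sector_no), []
    for i in range(0, SECTOR, BLOCK):
        block = cipher[i:i + BLOCK]
        out.append(xor(decrypt_block(key, block), prev))
        prev = block
    return b"".join(out)


def damage_report(key, plain_sectors, sector_no, byte_off, bit):
    """Flip one ciphertext bit, decrypt everything, and return
    {(sector, block): number of wrong plaintext bits} for damaged blocks."""
    cipher = [bytearray(cbc_encrypt_sector(key, n, p))
              for n, p in enumerate(plain_sectors)]
    cipher[sector_no][byte_off] ^= 1 << bit      # the one-bit read error
    report = {}
    for n, (plain, ct) in enumerate(zip(plain_sectors, cipher)):
        got = cbc_decrypt_sector(key, n, bytes(ct))
        for b in range(SECTOR // BLOCK):
            diff = xor(plain[b * BLOCK:(b + 1) * BLOCK], got[b * BLOCK:(b + 1) * BLOCK])
            wrong = sum(bin(x).count("1") for x in diff)
            if wrong:
                report[(n, b)] = wrong
    return report


# Constructed sample data: two adjacent sectors and a fixed key.
KEY = bytes(range(16))
SECTORS = [bytes((i * 7 + n) % 256 for i in range(SECTOR)) for n in range(2)]

if __name__ == "__main__":
    # Error in the middle of sector 0: block 5 is garbage, block 6 has one wrong bit.
    print(damage_report(KEY, SECTORS, 0, 5 * BLOCK + 3, 2))
    # Error in the last block of sector 0: sector 1 is untouched.
    print(damage_report(KEY, SECTORS, 0, SECTOR - 1, 7))
```

On an unencrypted disk the same read error would cost one bit; here it costs a whole 16 byte block plus one bit of the next, and never crosses the sector boundary.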




From linux-crypto-bounce@nl.linux.org Sat Oct 08 14:03:32 2005
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1EODQH-0004mz-Vf; Sat, 08 Oct 2005 14:03:30 +0200
Received: with ECARTIS (v1.0.0; list linux-crypto); Sat, 08 Oct 2005 14:02:38 +0200 (CEST)
Received: from qproxy.gmail.com ([72.14.204.192])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1EODP3-0004kX-N9
	for linux-crypto@nl.linux.org; Sat, 08 Oct 2005 14:02:13 +0200
Received: by qproxy.gmail.com with SMTP id c12so704670qbc
        for <linux-crypto@nl.linux.org>; Sat, 08 Oct 2005 05:01:42 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:from:to:subject:date:user-agent:mime-version:content-disposition:message-id:content-type:content-transfer-encoding;
        b=DB4wykvXp769H9nOuFKoqILi6yoHid/NroVJFs/hM1HWmhju0MG4QHiyczri4FfEV2WX9IlYmI5HsX8jzM6nwupWm+4GDVUSshANz/6B18spBQ7E1hMPha9lis0p2PqvWWWOdYtG4pscsqtENcB6G4zFtdhkStLUKMFOZgeSlWE=
Received: by 10.65.44.10 with SMTP id w10mr1990498qbj;
        Sat, 08 Oct 2005 05:01:42 -0700 (PDT)
Received: from host138-146.pool873.interbusiness.it ( [87.3.146.138])
        by mx.gmail.com with ESMTP id q18sm542852qbq.2005.10.08.05.01.41;
        Sat, 08 Oct 2005 05:01:42 -0700 (PDT)
From: kinto <kintho@gmail.com>
To: linux-crypto@nl.linux.org
Subject: LoopAES and util-linux
Date: Sat, 8 Oct 2005 14:57:10 +0200
User-Agent: KMail/1.8.2
MIME-Version: 1.0
Content-Disposition: inline
Message-Id: <200510081457.10450.kintho@gmail.com>
Content-Type: text/plain;
  charset="us-ascii"
Content-Transfer-Encoding: 7bit
Received-SPF: 
X-ecartis-version: Ecartis v1.0.0
Sender: linux-crypto-bounce@nl.linux.org
Errors-to: linux-crypto-bounce@nl.linux.org
X-original-sender: kintho@gmail.com
Precedence: bulk
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
List-software: Ecartis version 1.0.0
List-Id: <linux-crypto.nl.linux.org>
X-List-ID: <linux-crypto.nl.linux.org>
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
X-list: linux-crypto

Hi all, I'm sorry in advance for my bad English.
I have a problem building a kernel with loopAES support. This is my
procedure (following the readme file):

I've compiled a 2.6.12 kernel with

CONFIG_MODULES=y
CONFIG_KMOD=y
CONFIG_BLK_DEV_LOOP=N

and then I launch make;

cd /usr/src/
wget http://loop-aes.sourceforge.net/loop-AES-latest.tar.bz2
tar xvfj loop-AES-latest.tar.bz2
cd loop-AES-latest
make LINUX_SOURCE=/usr/src/linux-source-2.6.12 KEYSCRUB=y AMD64_ASM=n

cd /usr/src/
wget http://www.kernel.org/pub/linux/utils/util-linux/util-linux-2.12r.tar.bz2
bzip2 -d -c util-linux-2.12r.tar.bz2 | tar xvf -
cd util-linux-2.12r
patch -p1 </usr/src/loop-AES-v3.1b/util-linux-2.12r.diff
CFLAGS=-O2 ./configure

and here I get this output

##################################

configuring util-linux-2.12r

You don't have <scsi/scsi.h>
You don't have <linux/blkpg.h>
You don't have <linux/kd.h>
You don't have <locale.h>
You don't have <langinfo.h>
You don't have <sys/user.h>
You don't have <asm/page.h>
You don't have <uuid/uuid.h>
You don't have <rpcsvc/nfs_prot.h>
You don't have <asm/types.h>
You don't have <linux/raw.h>
You don't have <stdint.h>
You don't have <sys/io.h>
You don't have inet_aton()
You don't have fsync()
You don't have getdomainname()
You don't have nanosleep()
You don't have personality()
You don't have updwtmp()
You don't have fseeko()
You don't have lchown()
You don't have rpmatch()
You don't have <term.h>
You don't have ncurses - I will not make ul and setterm.
You don't have termcap - I will not make more.
You need -lcrypt
Strange... Static compilation fails here.
You don't have native language support
You don't have __progname
You don't have <pty.h> and openpty()
You don't have wide character support
You don't have SYS_pivot_root
You don't have a tm_gmtoff field in struct tm
Your rpcgen output does not compile - using pregenerated code
You don't have zlib
You don't have blkid

##################################


I already have util-linux installed, and if I try to remove the current
installation with `apt-get remove util-linux` (I'm on Debian), other
packages are kept back for removal:

base-config console-common console-data console-tools initrd-tools 
initscripts modutils sysvinit util-linux

Can anyone help me? Thanks very much.

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/



From linux-crypto-bounce@nl.linux.org Sat Oct 08 16:18:56 2005
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1EOFXJ-0004i6-FK; Sat, 08 Oct 2005 16:18:53 +0200
Received: with ECARTIS (v1.0.0; list linux-crypto); Sat, 08 Oct 2005 16:18:28 +0200 (CEST)
Received: from fmmailgate04.web.de ([217.72.192.242])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1EOFWg-0004ah-Vx
	for linux-crypto@nl.linux.org; Sat, 08 Oct 2005 16:18:15 +0200
Received: by fmmailgate04.web.de (8.12.10/8.12.10/webde Linux 0.7) with ESMTP id j98EGOHf030000 
        for <linux-crypto@nl.linux.org>; Sat, 8 Oct 2005 16:16:24 +0200
Received: from [84.165.249.36] (helo=[192.168.0.20])
	by smtp06.web.de with asmtp (TLSv1:RC4-MD5:128)
	(WEB.DE 4.105 #317)
	id 1EOFTS-0007B8-00
	for linux-crypto@nl.linux.org; Sat, 08 Oct 2005 16:14:54 +0200
Message-ID: <4347D480.8080906@web.de>
Date: Sat, 08 Oct 2005 16:15:28 +0200
From: Christian Holler <christian_holler@web.de>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20051004
X-Accept-Language: de, de-de, en-us, en
MIME-Version: 1.0
To: linux-crypto@nl.linux.org
Subject: Using loop-aes with gpg, creating gpg key
X-Enigmail-Version: 0.92.0.0
OpenPGP: id=72720F15;
	url=www.keyserver.net
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Sender: christian_holler@web.de
Received-SPF: 
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,UPPERCASE_25_50 
	autolearn=no version=3.0.1
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on 
	humbolt.nl.linux.org
X-ecartis-version: Ecartis v1.0.0
Sender: linux-crypto-bounce@nl.linux.org
Errors-to: linux-crypto-bounce@nl.linux.org
X-original-sender: christian_holler@web.de
Precedence: bulk
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
List-software: Ecartis version 1.0.0
List-Id: <linux-crypto.nl.linux.org>
X-List-ID: <linux-crypto.nl.linux.org>
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
X-list: linux-crypto

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,


I have been reading the README for loop-aes and read that it is more
secure to use multi-key mode with gpg encrypted random passwords than
using a single key directly... But what kind of gpg key is suggested
for this encryption? I created a 4096 bit RSA key with a 4096 bit RSA
subkey for encryption. Is this setup secure/suggested?


Thank you in advance

Chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFDR9R+JQIKXnJyDxURAh1SAKCIdGxISDGSHQuRWY2r+prCTUWk1wCeLvN9
q/A7vYGUL3GzDMWAnJQ2+lc=
=jeH0
-----END PGP SIGNATURE-----


-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/



From linux-crypto-bounce@nl.linux.org Sat Oct 08 18:17:37 2005
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1EOHOA-0005g2-E4; Sat, 08 Oct 2005 18:17:34 +0200
Received: with ECARTIS (v1.0.0; list linux-crypto); Sat, 08 Oct 2005 18:17:01 +0200 (CEST)
Received: from mail.tnnet.fi ([217.112.240.26])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1EOHNM-0005ek-T0
	for linux-crypto@nl.linux.org; Sat, 08 Oct 2005 18:16:44 +0200
Received: from localhost (localhost [127.0.0.1])
	by mail.tnnet.fi (Postfix) with ESMTP id 21EE8334A66;
	Sat,  8 Oct 2005 19:16:28 +0300 (EEST)
Received: from mail.tnnet.fi ([127.0.0.1])
 by localhost (mail [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
 id 21786-18; Sat,  8 Oct 2005 19:16:20 +0300 (EEST)
Received: from a64.adsl.tnnet.fi (a64.adsl.tnnet.fi [217.112.242.64])
	by mail.tnnet.fi (Postfix) with ESMTP id A0C95334A1C;
	Sat,  8 Oct 2005 19:16:20 +0300 (EEST)
Received: from users.sourceforge.net (localhost [127.0.0.1])
	by a64.adsl.tnnet.fi (Postfix) with ESMTP id E898367CE0;
	Sat,  8 Oct 2005 19:16:19 +0300 (EEST)
Message-ID: <4347F0D3.138FAF5D@users.sourceforge.net>
Date: Sat, 08 Oct 2005 19:16:19 +0300
From: Jari Ruusu <jariruusu@users.sourceforge.net>
To: kinto <kintho@gmail.com>
Cc: linux-crypto@nl.linux.org
Subject: Re: LoopAES and util-linux
References: <200510081457.10450.kintho@gmail.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: amavisd-new at mail.tnnet.fi
Received-SPF: 
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on 
	humbolt.nl.linux.org
X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00 autolearn=no 
	version=3.0.1
X-Spam-Level: 
X-ecartis-version: Ecartis v1.0.0
Sender: linux-crypto-bounce@nl.linux.org
Errors-to: linux-crypto-bounce@nl.linux.org
X-original-sender: jariruusu@users.sourceforge.net
Precedence: bulk
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
List-software: Ecartis version 1.0.0
List-Id: <linux-crypto.nl.linux.org>
X-List-ID: <linux-crypto.nl.linux.org>
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
X-list: linux-crypto

kinto wrote:
> make LINUX_SOURCE=/usr/src/linux-source-2.6.12 KEYSCRUB=y AMD64_ASM=n
                                                            ^^^^^^^^^^^
Why is that 'AMD64_ASM=n' there?

> configuring util-linux-2.12r
>
> You don't have <scsi/scsi.h>
> You don't have <linux/blkpg.h>
> You don't have <linux/kd.h>
> You don't have <locale.h>
[snip]
> You don't have ncurses - I will not make ul and setterm.
> You don't have termcap - I will not make more.
> You need -lcrypt
> Strange... Static compilation fails here.
[snip]
> Your rpcgen output does not compile - using pregenerated code
> You don't have zlib
> You don't have blkid

Something is really wrong with your installed compiler or libraries, or you
have some strange environment variables set that affect parameters passed to
the compiler or linker.

Can you post output of 'env' and 'cat make_include' commands?

This is what 'CFLAGS=-O2 ./configure' says here on debian Sarge:

configuring util-linux-2.12r

You have <scsi/scsi.h>
You have <linux/blkpg.h>
You have <linux/kd.h>
You have <locale.h>
You have <langinfo.h>
You have <sys/user.h>
You have <uuid/uuid.h>
You have <rpcsvc/nfs_prot.h>
You have <asm/types.h>
You have <linux/raw.h>
You have <stdint.h>
You have <sys/io.h>
You have inet_aton()
You have fsync()
You have getdomainname()
You have nanosleep()
You have personality()
You have updwtmp()
You have fseeko()
You have lchown()
You have rpmatch()
You have <term.h>
You have ncurses. Using <ncurses.h>.
You have termcap
You need -lcrypt
You have <libintl.h> and gettext()
You have __progname
You have <pty.h> and openpty()
You have wide character support
You have SYS_pivot_root
You have a tm_gmtoff field in struct tm
Your rpcgen seems to work
You have zlib
You have blkid

> I've already util-linux installed and if I try to remove the actual
> installation with `apt-get remove util-linux` (I'm on debian) other
> packages are kept back for remove:
> 
> base-config console-common console-data console-tools initrd-tools
> initscripts modutils sysvinit util-linux

I believe the util-linux package is required for normal operation and removing
it is probably a bad idea. Setting the mount package on hold and replacing a few
binaries with newer versions works just fine.

-- 
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/



From linux-crypto-bounce@nl.linux.org Sat Oct 08 18:18:37 2005
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1EOHP9-0005oD-H6; Sat, 08 Oct 2005 18:18:35 +0200
Received: with ECARTIS (v1.0.0; list linux-crypto); Sat, 08 Oct 2005 18:18:31 +0200 (CEST)
Received: from mail.tnnet.fi ([217.112.240.26])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1EOHOu-0005nZ-Mb
	for linux-crypto@nl.linux.org; Sat, 08 Oct 2005 18:18:20 +0200
Received: from localhost (localhost [127.0.0.1])
	by mail.tnnet.fi (Postfix) with ESMTP id 4658933481A;
	Sat,  8 Oct 2005 19:18:20 +0300 (EEST)
Received: from mail.tnnet.fi ([127.0.0.1])
 by localhost (mail [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
 id 21749-18; Sat,  8 Oct 2005 19:18:08 +0300 (EEST)
Received: from a64.adsl.tnnet.fi (a64.adsl.tnnet.fi [217.112.242.64])
	by mail.tnnet.fi (Postfix) with ESMTP id 38ED9334A1A;
	Sat,  8 Oct 2005 19:18:08 +0300 (EEST)
Received: from users.sourceforge.net (localhost [127.0.0.1])
	by a64.adsl.tnnet.fi (Postfix) with ESMTP id B1E0267CE0;
	Sat,  8 Oct 2005 19:18:07 +0300 (EEST)
Message-ID: <4347F13F.4020F92F@users.sourceforge.net>
Date: Sat, 08 Oct 2005 19:18:07 +0300
From: Jari Ruusu <jariruusu@users.sourceforge.net>
To: Christian Holler <christian_holler@web.de>
Cc: linux-crypto@nl.linux.org
Subject: Re: Using loop-aes with gpg, creating gpg key
References: <4347D480.8080906@web.de>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: amavisd-new at mail.tnnet.fi
Received-SPF: 
X-Spam-Status: No, score=-1.2 required=5.0 tests=AWL,BAYES_50 autolearn=no 
	version=3.0.1
X-Spam-Level: 
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on 
	humbolt.nl.linux.org
X-ecartis-version: Ecartis v1.0.0
Sender: linux-crypto-bounce@nl.linux.org
Errors-to: linux-crypto-bounce@nl.linux.org
X-original-sender: jariruusu@users.sourceforge.net
Precedence: bulk
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
List-software: Ecartis version 1.0.0
List-Id: <linux-crypto.nl.linux.org>
X-List-ID: <linux-crypto.nl.linux.org>
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
X-list: linux-crypto

Christian Holler wrote:
> I have been reading the README for loop-aes and read that it is more
> secure to use multi-key mode with gpg encrypted random passwords than
> using a single key directly... But what kind of gpg key is suggested
> for this encryption? I created a 4096 bit RSA key with a 4096 bit RSA
> subkey for encryption. Is this setup secure/suggested?

I believe it to be secure. 3072 bit RSA is equivalent to AES-128 strength.
If I remember correctly, the NSA does not recommend RSA for U.S. government use.
They seem to prefer ECC.

If an adversary has access to your public key and passphrase-encrypted private
key, then a key file encrypted using symmetric-cipher-only may be a little bit
more secure. If the adversary does not have access to your public/private keys,
then an RSA-encrypted key file is more secure. A human-memorizable passphrase is
usually the weakest link.

-- 
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/



From linux-crypto-bounce@nl.linux.org Sat Oct 08 19:08:58 2005
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1EOIBt-00063W-0a; Sat, 08 Oct 2005 19:08:57 +0200
Received: with ECARTIS (v1.0.0; list linux-crypto); Sat, 08 Oct 2005 19:08:41 +0200 (CEST)
Received: from qproxy.gmail.com ([72.14.204.207])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1EOIBH-0005xa-SV
	for linux-crypto@nl.linux.org; Sat, 08 Oct 2005 19:08:19 +0200
Received: by qproxy.gmail.com with SMTP id p30so921215qba
        for <linux-crypto@nl.linux.org>; Sat, 08 Oct 2005 10:06:28 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:from:to:subject:date:user-agent:references:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:message-id;
        b=OoPpnBBb+gXpXPRHWI3nqhSAdM8898gLk2l5K8nuiFsFBtx2L3sG+GwYodLEq7j24eZM93xBQXWgl8JYA8eb5F/qVMRASIer49b8HA1ERVxTyQwXTSRQQCE2N0DnJt9BTy6co0OtjhSKjgLXejEOtqPdVo6M9HPp8FIVtlKnxMU=
Received: by 10.65.123.10 with SMTP id a10mr2184701qbn;
        Sat, 08 Oct 2005 10:06:28 -0700 (PDT)
Received: from host138-146.pool873.interbusiness.it ( [87.3.146.138])
        by mx.gmail.com with ESMTP id e18sm1866665qbe.2005.10.08.10.06.27;
        Sat, 08 Oct 2005 10:06:28 -0700 (PDT)
From: kinto <kintho@gmail.com>
To: linux-crypto@nl.linux.org
Subject: Re: LoopAES and util-linux
Date: Sat, 8 Oct 2005 20:02:03 +0200
User-Agent: KMail/1.8.2
References: <200510081457.10450.kintho@gmail.com> <4347F0D3.138FAF5D@users.sourceforge.net>
In-Reply-To: <4347F0D3.138FAF5D@users.sourceforge.net>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200510082002.03758.kintho@gmail.com>
Received-SPF: 
X-ecartis-version: Ecartis v1.0.0
Sender: linux-crypto-bounce@nl.linux.org
Errors-to: linux-crypto-bounce@nl.linux.org
X-original-sender: kintho@gmail.com
Precedence: bulk
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
List-software: Ecartis version 1.0.0
List-Id: <linux-crypto.nl.linux.org>
X-List-ID: <linux-crypto.nl.linux.org>
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
X-list: linux-crypto

On Saturday 8 October 2005 at 18:16, Jari Ruusu wrote:
>Why is that 'AMD64_ASM=n' there?

Since I have an x86-32 CPU I don't need the AMD64 assembler AES and MD5
implementations (is that wrong?)

> Can you post output of 'env' and 'cat make_include' commands?

Sure:

env ##############################

TERM=xterm
SHELL=/bin/bash
OLDPWD=/
USER=root
GDK_USE_XFT=1
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11
PWD=/usr/src/util-linux-2.12r
PS1=[\t]\u@\h:\w\$
HOME=/root
SHLVL=2
LOGNAME=root
_=/usr/bin/env

##################################


cat make_include #################

VERSION=2.12r
CC=cc
CFLAGS=-02
LDFLAGS=-s
HAVE_UUID=yes
HAVE_RAW_H=yes
HAVE_NCURSES=yes
CURSESFLAGS=-DNCH=1
LIBCURSES=-lncurses
HAVE_TERMCAP=yes
LIBTERMCAP=-ltermcap
NEED_LIBCRYPT=yes
FOREIGN = --foreign-user
HAVE_XGETTEXT=yes
HAVE_OPENPTY=yes
HAVE_PIVOT_ROOT=yes
HAVE_ZLIB=yes
HAVE_BLKID=yes

##################################


> This is what 'CFLAGS=-O2 ./configure' says here on debian Sarge:

I have sarge too (installed with chroot) and I've installed some needed
packages; the actual output is now close to yours :) :

CFLAGS=-02 ./configure

configuring util-linux-2.12r

You have <scsi/scsi.h>
You have <linux/blkpg.h>
You have <linux/kd.h>
You have <locale.h>
You have <langinfo.h>
You have <sys/user.h>
You have <uuid/uuid.h>
You have <rpcsvc/nfs_prot.h>
You have <asm/types.h>
You have <linux/raw.h>
You have <stdint.h>
You have <sys/io.h>
You have inet_aton()
You have fsync()
You have getdomainname()
You have nanosleep()
You have personality()
You have updwtmp()
You have fseeko()
You have lchown()
You have rpmatch()
You have <term.h>
You have ncurses. Using <ncurses.h>.
You have termcap
You need -lcrypt
You have <libintl.h> and gettext()
You have __progname
You have <pty.h> and openpty()
You have wide character support
You have SYS_pivot_root
You have a tm_gmtoff field in struct tm
Your rpcgen output does not compile - using pregenerated code
You have zlib
You have blkid

The problem now is lcrypt and rpcgen and I don't really know how to
resolve it.

> I believe util-linux package is required for normal operation and
> removing it is probably a bad idea. Setting mount package on hold and
> replacing few binaries with newer versions works just fine.

So, can I replace the single patched executables (mount, umount,
losetup, swapon, swapoff)?
Thanks very much for the reply!

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/



From linux-crypto-bounce@nl.linux.org Sun Oct 09 00:01:52 2005
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1EOMlH-0003Q4-VT; Sun, 09 Oct 2005 00:01:48 +0200
Received: with ECARTIS (v1.0.0; list linux-crypto); Sun, 09 Oct 2005 00:01:23 +0200 (CEST)
Received: from dsw2k3.info ([195.71.86.227])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1EOMkh-0003PJ-73
	for linux-crypto@nl.linux.org; Sun, 09 Oct 2005 00:01:11 +0200
Received: from localhost (localhost [127.0.0.1])
	by dsw2k3.info (Postfix) with ESMTP id 5469462A3E
	for <linux-crypto@nl.linux.org>; Sun,  9 Oct 2005 00:01:09 +0200 (CEST)
Received: from dsw2k3.info ([127.0.0.1])
	by localhost (clit [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
	id 21460-07 for <linux-crypto@nl.linux.org>;
	Sun, 9 Oct 2005 00:01:05 +0200 (CEST)
Received: from [192.168.100.3] (p548B186F.dip0.t-ipconnect.de [84.139.24.111])
	(using TLSv1 with cipher RC4-MD5 (128/128 bits))
	(Client did not present a certificate)
	by dsw2k3.info (Postfix) with ESMTP id C294F62A38
	for <linux-crypto@nl.linux.org>; Sun,  9 Oct 2005 00:01:04 +0200 (CEST)
Message-ID: <4348419F.8050505@citd.de>
Date: Sun, 09 Oct 2005 00:01:03 +0200
From: Matthias Schniedermeyer <ms@citd.de>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041217 Mnenhy/0.7
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: linux-crypto@nl.linux.org
Subject: "Clean" way of getting a key over to aespipe
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at dsw2k3.info
Received-SPF: 
X-ecartis-version: Ecartis v1.0.0
Sender: linux-crypto-bounce@nl.linux.org
Errors-to: linux-crypto-bounce@nl.linux.org
X-original-sender: ms@citd.de
Precedence: bulk
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
List-software: Ecartis version 1.0.0
List-Id: <linux-crypto.nl.linux.org>
X-List-ID: <linux-crypto.nl.linux.org>
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
X-list: linux-crypto

Hi


I'm trying to get aespipe to automatically "decrypt" a "--stored" gpgkey
without asking for the nonexistent password. And/or how I can do this
automatically when the gpgkey actually has a password. And/or providing
a "plain-text" key existing as a file or not.

It's not as easy as it is with e.g. "mount" or "losetup" because with
aespipe "stdin" is blocked and aespipe doesn't seem to provide a means
to NOT use stdin for providing the data to en-/decrypt.

For the "--store"-gpgkey case I've helped myself by using a dummy
"-p3" option to specify a nonexistent filehandle.
This actually works, but I don't think this is what I would call a
"clean" solution; I'd call it a workaround.

And it is not usable when the key is encrypted or if I wanted to pipe a
plain-text key to aespipe.

Is there a way, other than writing a helper program or patching aespipe
to accept a "--file" parameter, to get the data (to en- or decrypt) and
the key over to aespipe?

aespipe -p3 -d < <data> 3< <key>
didn't seem to work for me. :-(




Until then

-- 
Real Programmers consider "what you see is what you get" to be just as
bad a concept in Text Editors as it is in women. No, the Real Programmer
wants a "you asked for it, you got it" text editor -- complicated,
cryptic, powerful, unforgiving, dangerous.


-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/



From linux-crypto-bounce@nl.linux.org Sun Oct 09 13:26:43 2005
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1EOZKC-0001tU-3B; Sun, 09 Oct 2005 13:26:40 +0200
Received: with ECARTIS (v1.0.0; list linux-crypto); Sun, 09 Oct 2005 13:25:59 +0200 (CEST)
Received: from mail.tnnet.fi ([217.112.240.26])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1EOZJF-0001sN-56
	for linux-crypto@nl.linux.org; Sun, 09 Oct 2005 13:25:41 +0200
Received: from localhost (localhost [127.0.0.1])
	by mail.tnnet.fi (Postfix) with ESMTP id A0870334AFC;
	Sun,  9 Oct 2005 14:25:35 +0300 (EEST)
Received: from mail.tnnet.fi ([127.0.0.1])
 by localhost (mail [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
 id 23826-20; Sun,  9 Oct 2005 14:25:28 +0300 (EEST)
Received: from a64.adsl.tnnet.fi (a64.adsl.tnnet.fi [217.112.242.64])
	by mail.tnnet.fi (Postfix) with ESMTP id BB2B3334B0C;
	Sun,  9 Oct 2005 14:22:48 +0300 (EEST)
Received: from users.sourceforge.net (localhost [127.0.0.1])
	by a64.adsl.tnnet.fi (Postfix) with ESMTP id 0820C67CE0;
	Sun,  9 Oct 2005 14:22:47 +0300 (EEST)
Message-ID: <4348FD87.102F8C32@users.sourceforge.net>
Date: Sun, 09 Oct 2005 14:22:47 +0300
From: Jari Ruusu <jariruusu@users.sourceforge.net>
To: kinto <kintho@gmail.com>
Cc: linux-crypto@nl.linux.org
Subject: Re: LoopAES and util-linux
References: <200510081457.10450.kintho@gmail.com> <4347F0D3.138FAF5D@users.sourceforge.net> <200510082002.03758.kintho@gmail.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

kinto wrote:
> At 18:16 on Saturday 8 October 2005, Jari Ruusu wrote:
> >Why is that 'AMD64_ASM=n' there?
> 
> Since I've a x86-32 cpu I don't need AMD64 assembler AES and MD5
> implementations (is it wrong?)

Defaults for 32 bit x86 architecture: X86_ASM=y AMD64_ASM=n
Defaults for 64 bit x86 architecture: X86_ASM=n AMD64_ASM=y
Defaults for other architectures: X86_ASM=n AMD64_ASM=n

> You need -lcrypt
[snip]
> Your rpcgen output does not compile - using pregenerated code
[snip]
> The problem now is lcrypt and rpcgen and I don't know really how to
> resolve it.

What is wrong with -lcrypt? Nothing.

Not sure why rpcgen output does not compile, but there is nothing wrong with
pregenerated nfsmount.h nfsmount_xdr.c nfsmount_clnt.c files.

When ./configure script is run, it saves rpcgen error messages to file
called conferrs, but that file is removed on line 710 in ./configure script.
Maybe you can change the script to not remove that file so you can see those
error messages.

> So, can I replace the single patched executables (mount, umount,
> losetup, swapon, swapoff)?

Yes.

-- 
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/



From linux-crypto-bounce@nl.linux.org Sun Oct 09 13:26:46 2005
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1EOZKC-0001tX-3A; Sun, 09 Oct 2005 13:26:40 +0200
Received: with ECARTIS (v1.0.0; list linux-crypto); Sun, 09 Oct 2005 13:26:02 +0200 (CEST)
Received: from mail.tnnet.fi ([217.112.240.26])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1EOZJJ-0001sq-Ce
	for linux-crypto@nl.linux.org; Sun, 09 Oct 2005 13:25:45 +0200
Received: from localhost (localhost [127.0.0.1])
	by mail.tnnet.fi (Postfix) with ESMTP id C677B334A5A;
	Sun,  9 Oct 2005 14:25:44 +0300 (EEST)
Received: from mail.tnnet.fi ([127.0.0.1])
 by localhost (mail [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
 id 23697-19; Sun,  9 Oct 2005 14:25:35 +0300 (EEST)
Received: from a64.adsl.tnnet.fi (a64.adsl.tnnet.fi [217.112.242.64])
	by mail.tnnet.fi (Postfix) with ESMTP id B6523334B0E;
	Sun,  9 Oct 2005 14:23:54 +0300 (EEST)
Received: from users.sourceforge.net (localhost [127.0.0.1])
	by a64.adsl.tnnet.fi (Postfix) with ESMTP id 6C65967CE0;
	Sun,  9 Oct 2005 14:23:54 +0300 (EEST)
Message-ID: <4348FDCA.8B2913C9@users.sourceforge.net>
Date: Sun, 09 Oct 2005 14:23:54 +0300
From: Jari Ruusu <jariruusu@users.sourceforge.net>
To: Matthias Schniedermeyer <ms@citd.de>
Cc: linux-crypto@nl.linux.org
Subject: Re: "Clean" way of getting a key over to aespipe
References: <4348419F.8050505@citd.de>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Matthias Schniedermeyer wrote:
> aespipe -p3 -d < <data> 3< <key>
> didn't seem to work for me. :-(

aespipe -d -e AES128 -p3 3<cleartext-65-line-key-file <inputFile >outputFile
                     ^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

aespipe -d -e AES128 -p3 3< <( ./cleartext-65-line-key-outputting-script ) <inputFile >outputFile
                     ^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

aespipe -d -e AES128 -K foo.gpg -p3 3<cleartext-1-line-gpg-passphrase-file <inputFile >outputFile
                                ^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

aespipe -d -e AES128 -K foo.gpg -p3 3< <( ./cleartext-1-line-gpg-passphrase-outputting-script ) <inputFile >outputFile
                                ^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

-- 
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD




From linux-crypto-bounce@nl.linux.org Sun Oct 09 14:24:50 2005
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1EOaET-0002YE-3Y; Sun, 09 Oct 2005 14:24:49 +0200
Received: with ECARTIS (v1.0.0; list linux-crypto); Sun, 09 Oct 2005 14:24:27 +0200 (CEST)
Received: from qproxy.gmail.com ([72.14.204.192])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1EOaDy-0002Vj-NJ
	for linux-crypto@nl.linux.org; Sun, 09 Oct 2005 14:24:18 +0200
Received: by qproxy.gmail.com with SMTP id a16so924642qbd
        for <linux-crypto@nl.linux.org>; Sun, 09 Oct 2005 05:23:46 -0700 (PDT)
Received: by 10.64.213.2 with SMTP id l2mr1886510qbg;
        Sun, 09 Oct 2005 05:23:46 -0700 (PDT)
Received: from host213-124.pool8260.interbusiness.it ( [82.60.124.213])
        by mx.gmail.com with ESMTP id m3sm2666056qbe.2005.10.09.05.23.45;
        Sun, 09 Oct 2005 05:23:46 -0700 (PDT)
From: kinto <kintho@gmail.com>
To: linux-crypto@nl.linux.org
Subject: Re: LoopAES and util-linux
Date: Sun, 9 Oct 2005 15:19:47 +0200
User-Agent: KMail/1.8.2
References: <200510081457.10450.kintho@gmail.com> <200510082002.03758.kintho@gmail.com> <4348FD87.102F8C32@users.sourceforge.net>
In-Reply-To: <4348FD87.102F8C32@users.sourceforge.net>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200510091519.47560.kintho@gmail.com>

Thanks for the help.
I've resolved it by installing loop-aes-utils:


apt-cache show loop-aes-utils
[...]
Description: Tools for mounting and manipulating filesystems
 This package provides the mount(8), umount(8), swapon(8),
 swapoff(8), and losetup(8) commands with support for loop-AES
 loopback encryption.


Now I have another question, but it's better to send another email with a
different subject.
Thanks again.




From linux-crypto-bounce@nl.linux.org Sun Oct 09 14:49:16 2005
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1EOaXm-0003Xx-4V; Sun, 09 Oct 2005 14:44:46 +0200
Received: with ECARTIS (v1.0.0; list linux-crypto); Sun, 09 Oct 2005 14:44:23 +0200 (CEST)
Received: from dsw2k3.info ([195.71.86.227])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1EOaXA-0003WO-1I
	for linux-crypto@nl.linux.org; Sun, 09 Oct 2005 14:44:08 +0200
Received: from localhost (localhost [127.0.0.1])
	by dsw2k3.info (Postfix) with ESMTP
	id 4206762A36; Sun,  9 Oct 2005 14:44:07 +0200 (CEST)
Received: from dsw2k3.info ([127.0.0.1])
	by localhost (clit [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
	id 16568-05; Sun, 9 Oct 2005 14:44:05 +0200 (CEST)
Received: from [192.168.100.3] (p548B1D3F.dip0.t-ipconnect.de [84.139.29.63])
	(using TLSv1 with cipher RC4-MD5 (128/128 bits))
	(Client did not present a certificate)
	by dsw2k3.info (Postfix) with ESMTP
	id B0AB562A33; Sun,  9 Oct 2005 14:44:04 +0200 (CEST)
Message-ID: <43491093.8040804@citd.de>
Date: Sun, 09 Oct 2005 14:44:03 +0200
From: Matthias Schniedermeyer <ms@citd.de>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041217 Mnenhy/0.7
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Jari Ruusu <jariruusu@users.sourceforge.net>
Cc: linux-crypto@nl.linux.org
Subject: Re: "Clean" way of getting a key over to aespipe
References: <4348419F.8050505@citd.de> <4348FDCA.8B2913C9@users.sourceforge.net>
In-Reply-To: <4348FDCA.8B2913C9@users.sourceforge.net>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Jari Ruusu wrote:
> Matthias Schniedermeyer wrote:
> 
>>aespipe -p3 -d < <data> 3< <key>
>>didn't seem to work for me. :-(
> 
> 
> aespipe -d -e AES128 -p3 3<cleartext-65-line-key-file <inputFile >outputFile
>                      ^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> 
> aespipe -d -e AES128 -p3 3< <( ./cleartext-65-line-key-outputting-script ) <inputFile >outputFile
>                      ^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> 
> aespipe -d -e AES128 -K foo.gpg -p3 3<cleartext-1-line-gpg-passphrase-file <inputFile >outputFile
>                                 ^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> 
> aespipe -d -e AES128 -K foo.gpg -p3 3< <( ./cleartext-1-line-gpg-passphrase-outputting-script ) <inputFile >outputFile
>                                 ^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Thanks for your help in enlightening me to a bit more of "shell-magic". :-)


Seems for the "simple" 3< cases I just used the wrong order.

The "process substitution" cases gave me a headache at first (just got
syntax errors).

They don't seem to work from a shell script with "#!/bin/sh" as shebang.
But after trying them on the command line and then with "#!/bin/bash" as
shebang they work like a charm. :-))

"ls -la /bin/sh" shows a symlink to bash. Guess there are some
compatibility things that can throw with stones. ;-)


See you

-- 
Real Programmers consider "what you see is what you get" to be just as
bad a concept in Text Editors as it is in women. No, the Real Programmer
wants a "you asked for it, you got it" text editor -- complicated,
cryptic, powerful, unforgiving, dangerous.

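The fd 3 hand-off discussed in this thread, in forms that also run under a plain "#!/bin/sh", as an added example that is not part of the original messages. fd3_consumer is a hypothetical stand-in for "aespipe -p3", key_script and its output are constructed, and the 65-line check assumes the key file shape named in the commands above.

```shell
#!/bin/sh
# Added example (not from the original thread).
# fd3_consumer is a hypothetical stand-in for "aespipe -p3": it reads key
# lines from descriptor 3 and data from stdin, then reports what it received.
fd3_consumer() {
    keys=$(wc -l <&3 | tr -d ' ')
    data=$(cat)
    printf '%s:%s\n' "$keys" "$data"
}

# Constructed stand-in for a script that prints a 65-line cleartext key.
key_script() {
    i=1
    while [ "$i" -le 65 ]; do
        printf 'constructed-key-line-%02d\n' "$i"
        i=$((i + 1))
    done
}

# Key file form (3<file), with two checks before the key is used:
# no group/other permission bits on the file, and exactly 65 lines.
via_file() {
    keyfile=$1 input=$2
    perms=$(ls -ld "$keyfile" | cut -c5-10) || return 1
    [ "$perms" = "------" ] || { echo "key file mode too open" >&2; return 2; }
    [ "$(wc -l <"$keyfile" | tr -d ' ')" -eq 65 ] || {
        echo "expected 65 key lines" >&2; return 3; }
    fd3_consumer 3<"$keyfile" <"$input"
}

# "3< <( cmd )" is a bash extension. The two forms below give a key script
# the same hand-off in POSIX sh, without writing the key to a regular file.

# Pipe form. Redirections apply left to right: 3<&0 copies the pipe
# (the current stdin) to fd 3, then <"$1" repoints stdin at the data file.
via_pipe() {
    key_script | fd3_consumer 3<&0 <"$1"
}

# FIFO form: a named pipe in a private directory, removed afterwards.
via_fifo() {
    dir=$(mktemp -d) || return 1
    mkfifo -m 600 "$dir/key" || { rm -rf "$dir"; return 1; }
    key_script >"$dir/key" &
    fd3_consumer 3<"$dir/key" <"$1"
    rc=$?
    wait
    rm -rf "$dir"
    return "$rc"
}

# Demo run on constructed input; temporary files are removed afterwards.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'constructed ciphertext placeholder\n' >"$tmp/in"
    (umask 077; key_script >"$tmp/key")
    via_file "$tmp/key" "$tmp/in"
    via_pipe "$tmp/in"
    via_fifo "$tmp/in"
    rm -rf "$tmp"
}
demo
```

In the pipe form the order of the two redirections matters: with <inputFile written first, 3<&0 would copy the data file to fd 3 instead of the key.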




From linux-crypto-bounce@nl.linux.org Sun Oct 09 15:56:54 2005
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1EObfY-0004oV-LQ; Sun, 09 Oct 2005 15:56:52 +0200
Received: with ECARTIS (v1.0.0; list linux-crypto); Sun, 09 Oct 2005 15:56:30 +0200 (CEST)
Received: from qproxy.gmail.com ([72.14.204.196])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1EObf2-0004kF-Am
	for linux-crypto@nl.linux.org; Sun, 09 Oct 2005 15:56:20 +0200
Received: by qproxy.gmail.com with SMTP id p32so953436qba
        for <linux-crypto@nl.linux.org>; Sun, 09 Oct 2005 06:54:27 -0700 (PDT)
Received: by 10.65.81.20 with SMTP id i20mr2635356qbl;
        Sun, 09 Oct 2005 06:54:27 -0700 (PDT)
Received: from host213-124.pool8260.interbusiness.it ( [82.60.124.213])
        by mx.gmail.com with ESMTP id p4sm2681554qba.2005.10.09.06.54.25;
        Sun, 09 Oct 2005 06:54:26 -0700 (PDT)
From: kinto <kintho@gmail.com>
To: linux-crypto@nl.linux.org
Subject: Two keys for the same encrypted file
Date: Sun, 9 Oct 2005 16:50:30 +0200
User-Agent: KMail/1.8.2
MIME-Version: 1.0
Content-Disposition: inline
Message-Id: <200510091650.30091.kintho@gmail.com>
Content-Type: text/plain;
  charset="us-ascii"
Content-Transfer-Encoding: 7bit

Hi all, I've a question for you.
This is how I encrypt a file:

head -c 2925 /dev/random | uuencode -m - | head -n 66 | tail -n 65 \
        | gpg --symmetric -a >/tmp/keyfile.gpg


dd if=/dev/zero of=/tmp/file.img bs=1M count=10


head -c 15 /dev/urandom | uuencode -m - | head -n 2 | tail -n 1 \
        | losetup -e AES256 -K /tmp/keyfile.gpg /dev/loop1 /tmp/file.img


mkfs.ext2 /dev/loop1

mount /dev/loop1 /mnt/crypt

(This is my complete procedure, please check it out :) )


I want to use two different keys for encrypting the single file, but one
key must have a time-limited validity.
Is it possible?
Thanks in advance for the help.




From linux-crypto-bounce@nl.linux.org Sun Oct 09 18:36:14 2005
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1EOe9k-0005vL-PI; Sun, 09 Oct 2005 18:36:12 +0200
Received: with ECARTIS (v1.0.0; list linux-crypto); Sun, 09 Oct 2005 18:35:40 +0200 (CEST)
Received: from mail.tnnet.fi ([217.112.240.26])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1EOe93-0005uL-1a
	for linux-crypto@nl.linux.org; Sun, 09 Oct 2005 18:35:29 +0200
Received: from localhost (localhost [127.0.0.1])
	by mail.tnnet.fi (Postfix) with ESMTP id C2333334AFD;
	Sun,  9 Oct 2005 19:35:16 +0300 (EEST)
Received: from mail.tnnet.fi ([127.0.0.1])
 by localhost (mail [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
 id 08121-16; Sun,  9 Oct 2005 19:35:09 +0300 (EEST)
Received: from a64.adsl.tnnet.fi (a64.adsl.tnnet.fi [217.112.242.64])
	by mail.tnnet.fi (Postfix) with ESMTP id D3531334B18;
	Sun,  9 Oct 2005 19:31:22 +0300 (EEST)
Received: from users.sourceforge.net (localhost [127.0.0.1])
	by a64.adsl.tnnet.fi (Postfix) with ESMTP id 4324B67CCF;
	Sun,  9 Oct 2005 19:31:22 +0300 (EEST)
Message-ID: <434945D9.88D598D9@users.sourceforge.net>
Date: Sun, 09 Oct 2005 19:31:21 +0300
From: Jari Ruusu <jariruusu@users.sourceforge.net>
To: kinto <kintho@gmail.com>
Cc: linux-crypto@nl.linux.org
Subject: Re: Two keys for the same encrypted file
References: <200510091650.30091.kintho@gmail.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

kinto wrote:
> head -c 2925 /dev/random | uuencode -m - | head -n 66 | tail -n 65 \
>         | gpg --symmetric -a >/tmp/keyfile.gpg
> 
> dd if=/dev/zero of=/tmp/file.img bs=1M count=10
> 
> head -c 15 /dev/urandom | uuencode -m - | head -n 2 | tail -n 1 \
>         | losetup -e AES256 -K /tmp/keyfile.gpg /dev/loop1 /tmp/file.img

Above "head -c 15 /dev/urandom | uuencode -m - | head -n 2 | tail -n 1"
is completely unnecessary and unused here.
 
Seems you are using file backed loop. Read-only mounting iso9660 images and
such work fine with file backed loops. My advice is to avoid writable file
backed loops.

> I want to use two different keys for encrypting the single file, but one
> key must have a time-limited validity.

If you use public key crypto and specify multiple recipients when you
encrypt the key file contents, then each recipient can use their gpg private
key passphrase to unlock the key file contents. Time limit can be enforced
by re-encrypting key file contents using different set of recipients.

-- 
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD




From linux-crypto-bounce@nl.linux.org Sun Oct 09 23:40:05 2005
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1EOitn-0001OP-6j; Sun, 09 Oct 2005 23:40:03 +0200
Received: with ECARTIS (v1.0.0; list linux-crypto); Sun, 09 Oct 2005 23:39:34 +0200 (CEST)
Received: from qproxy.gmail.com ([72.14.204.195])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1EOit9-0001Mp-UQ
	for linux-crypto@nl.linux.org; Sun, 09 Oct 2005 23:39:24 +0200
Received: by qproxy.gmail.com with SMTP id q10so1107549qbq
        for <linux-crypto@nl.linux.org>; Sun, 09 Oct 2005 14:38:50 -0700 (PDT)
Received: by 10.64.185.6 with SMTP id i6mr2798063qbf;
        Sun, 09 Oct 2005 14:38:50 -0700 (PDT)
Received: from host213-124.pool8260.interbusiness.it ( [82.60.124.213])
        by mx.gmail.com with ESMTP id e11sm703253qbc.2005.10.09.14.38.48;
        Sun, 09 Oct 2005 14:38:49 -0700 (PDT)
From: kinto <kintho@gmail.com>
To: linux-crypto@nl.linux.org
Subject: Re: Two keys for the same encrypted file
Date: Mon, 10 Oct 2005 00:35:05 +0200
User-Agent: KMail/1.8.2
References: <200510091650.30091.kintho@gmail.com> <434945D9.88D598D9@users.sourceforge.net>
In-Reply-To: <434945D9.88D598D9@users.sourceforge.net>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200510100035.05398.kintho@gmail.com>

At 18:31 on Sunday 9 October 2005, Jari Ruusu wrote:
> Above "head -c 15 /dev/urandom | uuencode -m - | head -n 2 | tail -n
> 1" is completely unnecessary and unused here.

Ok, but why? In LoopAes.README this is the procedure for a physical
device. Isn't it valid for a file backed loop?

> Seems you are using file backed loop. Read-only mounting iso9660
> images and such work fine with file backed loops. My advice is to
> avoid writable file backed loops.

Thanks for the suggestion. :)

> If you use public key crypto and specify multiple recipients when you
> encrypt the key file contents, then each recipient can use their gpg
> private key passphrase to unlock the key file contents. Time limit
> can be enforced by re-encrypting key file contents using different
> set of recipients.

Yes, this is a solution.
But my problem is to give time-limited access to some file backed loops
with a key file distributed to specific allowed users. This access must
be time-limited (from 1 to 3 weeks by a specific date). No public or
private keys are available, there is only the gpg/pgp installation on
the host (yes, I use this file also on other o.s.).
Is my explanation clear? :)
Thanks.




From linux-crypto-bounce@nl.linux.org Mon Oct 10 00:13:46 2005
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1EOjQP-0001N6-9D; Mon, 10 Oct 2005 00:13:45 +0200
Received: with ECARTIS (v1.0.0; list linux-crypto); Mon, 10 Oct 2005 00:13:33 +0200 (CEST)
Received: from dsw2k3.info ([195.71.86.227])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1EOjQ0-0001Mc-O1
	for linux-crypto@nl.linux.org; Mon, 10 Oct 2005 00:13:20 +0200
Received: from localhost (localhost [127.0.0.1])
	by dsw2k3.info (Postfix) with ESMTP
	id 3E65562A36; Mon, 10 Oct 2005 00:13:19 +0200 (CEST)
Received: from dsw2k3.info ([127.0.0.1])
	by localhost (clit [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
	id 22587-10; Mon, 10 Oct 2005 00:13:10 +0200 (CEST)
Received: from [192.168.100.3] (p548B1D3F.dip0.t-ipconnect.de [84.139.29.63])
	(using TLSv1 with cipher RC4-MD5 (128/128 bits))
	(Client did not present a certificate)
	by dsw2k3.info (Postfix) with ESMTP
	id 07A1D62A33; Mon, 10 Oct 2005 00:13:09 +0200 (CEST)
Message-ID: <434995F4.3000701@citd.de>
Date: Mon, 10 Oct 2005 00:13:08 +0200
From: Matthias Schniedermeyer <ms@citd.de>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041217 Mnenhy/0.7
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: kinto <kintho@gmail.com>
Cc: linux-crypto@nl.linux.org
Subject: Re: Two keys for the same encrypted file
References: <200510091650.30091.kintho@gmail.com> <434945D9.88D598D9@users.sourceforge.net> <200510100035.05398.kintho@gmail.com>
In-Reply-To: <200510100035.05398.kintho@gmail.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Hi



> Yes, this is a solution.
> But my problem is to give time-limited access to some file backed loops
> with a key file distributed to specific allowed users. This access must
> be time-limited (from 1 to 3 weeks by a specific date). No public or
> private keys are available, there is only the gpg/pgp installation on
> the host (yes, I use this file also on other o.s.).
> Is my explanation clear? :)

I guess the/a solution to this depends on the exact circumstances (see 
below)

I'd say the easiest 90-95% solution would be to NOT store the key on the
target system, but to get it from a server under YOUR control (so you
can be e.g. sure the clock is correct) every time the filesystem is mounted.

I'd say the most secure way would be using an SSH connection. If you
generate a key pair for EVERY target system you have a quite well
secured link over which to transfer the key, you wouldn't even need a
gpg secured key. At least it doesn't need to be a gpg key while
transferred over the SSH link to the target system.

In the easiest setup

ssh <...> <programm/script which outputs key> | mount -p0 ...

It would be quite secure against an external attacker with no access to
the target system or the server, but for someone with enough knowledge and
access privileges on the target system it would be no problem at all to
save the key to a file using the above command and later on use it at will.


So I suggest you first think about what attacks you have to
"withstand", how resourceful a potential attacker is or may be, how much
control you have over the target system, how much the value of the
information is and how much the cost is or what the risks are when the
time-limits are violated and, last but not least, how much inevitable risk is
acceptable(tm), as there is nothing like absolute security.




See you

-- 
Real Programmers consider "what you see is what you get" to be just as
bad a concept in Text Editors as it is in women. No, the Real Programmer
wants a "you asked for it, you got it" text editor -- complicated,
cryptic, powerful, unforgiving, dangerous.

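One way to write the server-side "script which outputs key" from the message above so that the server itself enforces the validity window, as an added example that is not part of the original thread. The script name, install path, key directory, client names and dates are all hypothetical or constructed.

```shell
#!/bin/sh
# Added example (not from the original thread): a hypothetical server-side
# key release script that enforces a per-client validity window.
# Meant to be pinned to one client's SSH key as a forced command, e.g. in
# authorized_keys (path, client name and key are placeholders):
#   command="/usr/local/sbin/release-key clientA",no-pty,no-port-forwarding <client-public-key>
# The client side then runs:  ssh <keyserver> | mount -p0 ...

# Constructed policy table: client  not-before  not-after  (YYYYMMDD).
policy() {
    cat <<'EOF'
clientA 20051010 20051031
clientB 20051010 20051017
EOF
}

# release_key CLIENT TODAY KEYDIR
# Prints the client's key on stdout only inside its window. Every decision
# is logged to stderr (stand-in for syslog). Returns 0 on release, 1 on refusal.
release_key() {
    client=$1 today=$2 keydir=$3
    case $client in
        ''|*[!A-Za-z0-9_-]*) echo "deny: bad client name" >&2; return 1 ;;
    esac
    case $today in
        ''|*[!0-9]*) echo "deny $client: bad date" >&2; return 1 ;;
    esac
    # Look up the window; client is already restricted to safe characters.
    set -- $(policy | awk -v c="$client" '$1 == c { print $2, $3 }')
    [ $# -eq 2 ] || { echo "deny $client: no policy entry" >&2; return 1; }
    if [ "$today" -lt "$1" ] || [ "$today" -gt "$2" ]; then
        echo "deny $client: $today outside $1..$2" >&2
        return 1
    fi
    [ -r "$keydir/$client.key" ] || { echo "deny $client: key missing" >&2; return 1; }
    echo "release $client: valid until $2" >&2
    cat "$keydir/$client.key"
}

# Demo on constructed data: one release inside the window, one refusal after it.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'constructed-key-material\n' >"$tmp/clientB.key"
    release_key clientB 20051012 "$tmp"
    release_key clientB 20051101 "$tmp" || echo "no key released"
    rm -rf "$tmp"
}

# As a forced command the client name comes from the server-side argv and
# the date from the server's own clock, never from the connecting client.
if [ $# -ge 1 ]; then
    release_key "$1" "$(date +%Y%m%d)" "${KEYDIR:-/etc/loop-keys}"
else
    demo
fi
```

The window only controls when the server hands the key out; as the message above points out, someone with enough privileges on the target system can still save a copy while the window is open.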




From linux-crypto-bounce@nl.linux.org Mon Oct 10 13:41:18 2005
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1EOw1r-000453-Qf; Mon, 10 Oct 2005 13:41:15 +0200
Received: with ECARTIS (v1.0.0; list linux-crypto); Mon, 10 Oct 2005 13:40:41 +0200 (CEST)
Received: from fmmailgate05.web.de ([217.72.192.243])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1EOw15-0003xr-2E
	for linux-crypto@nl.linux.org; Mon, 10 Oct 2005 13:40:27 +0200
Received: by fmmailgate05.web.de (8.12.10/8.12.10/webde Linux 0.7) with ESMTP id j9ABcYK7026288 
        for <linux-crypto@nl.linux.org>; Mon, 10 Oct 2005 13:38:34 +0200
Received: from [84.165.247.31] (helo=[192.168.0.20])
	by smtp06.web.de with asmtp (TLSv1:RC4-MD5:128)
	(WEB.DE 4.105 #317)
	id 1EOvxo-0004so-00
	for linux-crypto@nl.linux.org; Mon, 10 Oct 2005 13:37:04 +0200
Message-ID: <434A5282.5060204@web.de>
Date: Mon, 10 Oct 2005 13:37:38 +0200
From: Christian Holler <christian_holler@web.de>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20051004
X-Accept-Language: de, de-de, en-us, en
MIME-Version: 1.0
To: linux-crypto@nl.linux.org
Subject: loop-aes and known weaknesses
X-Enigmail-Version: 0.92.0.0
OpenPGP: id=72720F15;
	url=www.keyserver.net
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Sender: christian_holler@web.de

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

After reading a lot I found out that there are still known weaknesses
in loop-aes, although multi-v3-key mode should reduce the risk of some
of these.

Referring to http://clemens.endorphin.org/nmihde/nmihde-A4-os.pdf,
there seem to be remarkable attack possibilities because of the
weaknesses of CBC scheme in general. (see chapter 4 of the PDF)


Are you planning to change loop-aes implementation to support also this
new LRW patch or something that prevents these kind of attacks?
Personally, I'd prefer if I could use this software because I think
the developers know more about the stuff than some other people.. The
best thing though would be if you develop together with the
luks/dm-crypt people and create something even better than both of you
could develop alone :)

Hope to get a reply soon :)

Chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFDSlKAJQIKXnJyDxURAjB3AJwL78JU/C7+t5SI2qGgfri0OVxKHgCgmEtx
PEkMIhjO3dawGvO4pteYk1k=
=SCyD
-----END PGP SIGNATURE-----





From linux-crypto-bounce@nl.linux.org Mon Oct 10 18:47:30 2005
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1EP0oB-0001t0-Bj; Mon, 10 Oct 2005 18:47:27 +0200
Received: with ECARTIS (v1.0.0; list linux-crypto); Mon, 10 Oct 2005 18:46:39 +0200 (CEST)
Received: from mail.tnnet.fi ([217.112.240.26])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1EP0n2-0001rM-GB
	for linux-crypto@nl.linux.org; Mon, 10 Oct 2005 18:46:16 +0200
Received: from localhost (localhost [127.0.0.1])
	by mail.tnnet.fi (Postfix) with ESMTP id 93207334B90;
	Mon, 10 Oct 2005 19:46:01 +0300 (EEST)
Received: from mail.tnnet.fi ([127.0.0.1])
 by localhost (mail [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
 id 06539-12; Mon, 10 Oct 2005 19:45:53 +0300 (EEST)
Received: from a64.adsl.tnnet.fi (a64.adsl.tnnet.fi [217.112.242.64])
	by mail.tnnet.fi (Postfix) with ESMTP id 57BDA334B85;
	Mon, 10 Oct 2005 19:43:50 +0300 (EEST)
Received: from users.sourceforge.net (localhost [127.0.0.1])
	by a64.adsl.tnnet.fi (Postfix) with ESMTP id BEC9E67CCF;
	Mon, 10 Oct 2005 19:43:49 +0300 (EEST)
Message-ID: <434A9A45.FC980A5A@users.sourceforge.net>
Date: Mon, 10 Oct 2005 19:43:49 +0300
From: Jari Ruusu <jariruusu@users.sourceforge.net>
To: kinto <kintho@gmail.com>
Cc: linux-crypto@nl.linux.org
Subject: Re: Two keys for the same encrypted file
References: <200510091650.30091.kintho@gmail.com> <434945D9.88D598D9@users.sourceforge.net> <200510100035.05398.kintho@gmail.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: amavisd-new at mail.tnnet.fi
Received-SPF: 
X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00 autolearn=no 
	version=3.0.1
X-Spam-Level: 
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on 
	humbolt.nl.linux.org
X-ecartis-version: Ecartis v1.0.0
Sender: linux-crypto-bounce@nl.linux.org
Errors-to: linux-crypto-bounce@nl.linux.org
X-original-sender: jariruusu@users.sourceforge.net
Precedence: bulk
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
List-software: Ecartis version 1.0.0
List-Id: <linux-crypto.nl.linux.org>
X-List-ID: <linux-crypto.nl.linux.org>
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
X-list: linux-crypto

kinto wrote:
> At 18:31 on Sunday 9 October 2005, Jari Ruusu wrote:
> > Above "head -c 15 /dev/urandom | uuencode -m - | head -n 2 | tail -n
> > 1" is completely unnecessary and unused here.
> 
> Ok, but why? In LoopAes.README this is the procedure for a physical
> device. Isn't it valid for a file backed loop?

Because the "head ... | uuencode ... | head ... | tail ..." pipe sends a
random passphrase to the stdin of losetup. By default, losetup prompts and
reads a passphrase from the controlling terminal, not stdin. If losetup is
given a "-p0" command line parameter, then losetup reads a passphrase from
stdin.

In your example, if losetup were to read a random passphrase from stdin,
then losetup would not be able to decrypt the gpg encrypted key file. The
random passphrase is not the same as the one you used to encrypt the key file.

-- 
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD




From linux-crypto-bounce@nl.linux.org Mon Oct 10 18:47:33 2005
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1EP0oB-0001tA-Bj; Mon, 10 Oct 2005 18:47:27 +0200
Received: with ECARTIS (v1.0.0; list linux-crypto); Mon, 10 Oct 2005 18:46:41 +0200 (CEST)
Received: from mail.tnnet.fi ([217.112.240.26])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1EP0n2-0001ry-VI
	for linux-crypto@nl.linux.org; Mon, 10 Oct 2005 18:46:17 +0200
Received: from localhost (localhost [127.0.0.1])
	by mail.tnnet.fi (Postfix) with ESMTP id 94848334B28;
	Mon, 10 Oct 2005 19:46:16 +0300 (EEST)
Received: from mail.tnnet.fi ([127.0.0.1])
 by localhost (mail [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
 id 06028-17; Mon, 10 Oct 2005 19:46:09 +0300 (EEST)
Received: from a64.adsl.tnnet.fi (a64.adsl.tnnet.fi [217.112.242.64])
	by mail.tnnet.fi (Postfix) with ESMTP id 4FEE0334B6F;
	Mon, 10 Oct 2005 19:44:24 +0300 (EEST)
Received: from users.sourceforge.net (localhost [127.0.0.1])
	by a64.adsl.tnnet.fi (Postfix) with ESMTP id 1785F67CCF;
	Mon, 10 Oct 2005 19:44:24 +0300 (EEST)
Message-ID: <434A9A68.8C1525FA@users.sourceforge.net>
Date: Mon, 10 Oct 2005 19:44:24 +0300
From: Jari Ruusu <jariruusu@users.sourceforge.net>
To: Christian Holler <christian_holler@web.de>
Cc: linux-crypto@nl.linux.org
Subject: Re: loop-aes and known weaknesses
References: <434A5282.5060204@web.de>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: amavisd-new at mail.tnnet.fi
Received-SPF: 
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on 
	humbolt.nl.linux.org
X-Spam-Status: No, score=-1.7 required=5.0 tests=AWL,BAYES_40 autolearn=no 
	version=3.0.1
X-Spam-Level: 
X-ecartis-version: Ecartis v1.0.0
Sender: linux-crypto-bounce@nl.linux.org
Errors-to: linux-crypto-bounce@nl.linux.org
X-original-sender: jariruusu@users.sourceforge.net
Precedence: bulk
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
List-software: Ecartis version 1.0.0
List-Id: <linux-crypto.nl.linux.org>
X-List-ID: <linux-crypto.nl.linux.org>
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
X-list: linux-crypto

Christian Holler wrote:
> After reading a lot I found out that there are still known weaknesses
> in loop-aes, although multi-v3-key mode should reduce the risk of some
> of these.

Ciphertext tampering attacks in CBC mode, and ciphertext copying attacks
apply to some degree. Nothing new here.

> Are you planning to change loop-aes implementation to support also this
> new LRW patch or something that prevents these kind of attacks?

No such plans yet.

If an adversary can modify ciphertext residing on a local hard disk
partition, then the security game was already lost.

> The best thing though would be if you develop together with the
> luks/dm-crypt people and create something even better than both of you
> could develop alone :)

Mainline Linux folks are still years behind loop-AES.

I think this sentence in the paper:

"The attack was not taken seriously, especially not by me, as Jari Ruusu had
 no good reputation and was known to spread more confusion than facts."

should really read as:

"The attack was not taken seriously by clueless people, author included, as
 Jari Ruusu had a reputation of not tolerating people who prefer and
 recommend broken crypto implementations."

-- 
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD




From linux-crypto-bounce@nl.linux.org Mon Oct 10 20:31:31 2005
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1EP2Qr-0003Uz-Qo; Mon, 10 Oct 2005 20:31:29 +0200
Received: with ECARTIS (v1.0.0; list linux-crypto); Mon, 10 Oct 2005 20:31:06 +0200 (CEST)
Received: from qproxy.gmail.com ([72.14.204.196])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1EP2Q4-0003ON-Vi
	for linux-crypto@nl.linux.org; Mon, 10 Oct 2005 20:30:41 +0200
Received: by qproxy.gmail.com with SMTP id p32so1194805qba
        for <linux-crypto@nl.linux.org>; Mon, 10 Oct 2005 11:28:45 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:from:to:subject:date:user-agent:references:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:message-id;
        b=BaCXa9+Gj36/2mVu7TSpyB6wv5PyGkMlggIDWzwvBfzhVOd+0DKOklAkzwheTfvfuyEzLlX5GVfXO7Iog5Fl4Qt6EZ7IL5tpYAwpy3x4MmU08Pmo46S3h/etU8YEVkxDIStfG00qcpH11SQ58zVVN7j4BXEbPAkSD4mSt6bBMRA=
Received: by 10.65.81.20 with SMTP id i20mr3404407qbl;
        Mon, 10 Oct 2005 11:28:45 -0700 (PDT)
Received: from host244-14.pool871.interbusiness.it ( [87.1.14.244])
        by mx.gmail.com with ESMTP id f16sm3442304qba.2005.10.10.11.28.44;
        Mon, 10 Oct 2005 11:28:44 -0700 (PDT)
From: kinto <kintho@gmail.com>
To: linux-crypto@nl.linux.org
Subject: Re: Two keys for the same encrypted file
Date: Mon, 10 Oct 2005 21:25:29 +0200
User-Agent: KMail/1.8.2
References: <200510091650.30091.kintho@gmail.com> <200510100035.05398.kintho@gmail.com> <434A9A45.FC980A5A@users.sourceforge.net>
In-Reply-To: <434A9A45.FC980A5A@users.sourceforge.net>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Message-Id: <200510102125.29810.kintho@gmail.com>
Received-SPF: 
X-ecartis-version: Ecartis v1.0.0
Sender: linux-crypto-bounce@nl.linux.org
Errors-to: linux-crypto-bounce@nl.linux.org
X-original-sender: kintho@gmail.com
Precedence: bulk
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
List-software: Ecartis version 1.0.0
List-Id: <linux-crypto.nl.linux.org>
X-List-ID: <linux-crypto.nl.linux.org>
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
X-list: linux-crypto

At 00:13 on Monday 10 October 2005, Matthias Schniedermeyer wrote:
> I'd say the easiest 90-95% solution would be to NOT store the key on
> the target system, but to get it from a server under YOUR control (so
> you can be e.g. sure the clock is correct) every time the filesystem
> is mounted.
> In the easiest setup
[...]
>
> ssh <...> <programm/script which outputs key> | mount -p0 ...


This is the solution I choose to adopt. :-)
The only problem is to write down a good bash script.
Thanks.



At 18:43 on Monday 10 October 2005, Jari Ruusu wrote:
> Because the "head ... | uuencode ... | head ... | tail ..." pipe
> sends a random passphrase to stdin of losetup. By default, losetup
> prompts and reads a passphrase from controlling terminal, not stdin.
> If losetup is given a "-p0" command line parameter, then losetup
> reads a passphrase from stdin.

Thanks, all clear about this question.
If you want, can you explain this procedure to me (from loopAES.README -
Example 2):

head -c 15 /dev/urandom | uuencode -m - | head -n 2 | tail -n 1 \
        | losetup -p 0 -e AES128 /dev/loop3 /dev/hda666
    dd if=/dev/zero of=/dev/loop3 bs=4k conv=notrunc 2>/dev/null

The first encrypts the block device /dev/hda666 using a random passphrase;
then the second fills the whole partition with zeros. Is that right?
Is the scope to create a "base" on which to write the encrypted data?
All this to increase the safety of data encryption?
Thanks again.




From linux-crypto-bounce@nl.linux.org Mon Oct 10 22:10:59 2005
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1EP3z4-0004YL-EF; Mon, 10 Oct 2005 22:10:54 +0200
Received: with ECARTIS (v1.0.0; list linux-crypto); Mon, 10 Oct 2005 22:10:13 +0200 (CEST)
Received: from ms-2.rz.rwth-aachen.de ([134.130.3.131] helo=ms-dienst.rz.rwth-aachen.de)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1EP3y5-0004Wi-Sq
	for linux-crypto@nl.linux.org; Mon, 10 Oct 2005 22:09:53 +0200
Received: from r220-1 (r220-1.rz.RWTH-Aachen.DE [134.130.3.31])
 by ms-dienst.rz.rwth-aachen.de
 (iPlanet Messaging Server 5.2 Patch 2 (built Jul 14 2004))
 with ESMTP id <0IO500A6WUOBYK@ms-dienst.rz.rwth-aachen.de> for
 linux-crypto@nl.linux.org; Mon, 10 Oct 2005 22:09:48 +0200 (MEST)
Received: from relay.rwth-aachen.de ([134.130.3.1])
	by r220-1 (MailMonitor for SMTP v1.2.2 ) ; Mon,
 10 Oct 2005 22:09:47 +0200 (MEST)
Received: from enterprise.ram.rwth-aachen.de
 (enterprise.ram.RWTH-Aachen.DE [137.226.68.2])
	by relay.rwth-aachen.de (8.13.3/8.13.3/1) with ESMTP id j9AK9lHN000296	for
 <linux-crypto@nl.linux.org>; Mon, 10 Oct 2005 22:09:47 +0200 (MEST)
Received: from localhost (localhost [127.0.0.1])
	by enterprise.ram.rwth-aachen.de (Postfix) with ESMTP id 3EB735B7DB	for
 <linux-crypto@nl.linux.org>; Mon, 10 Oct 2005 22:09:47 +0200 (CEST)
Received: from enterprise.ram.rwth-aachen.de ([127.0.0.1])
	by localhost (enterprise [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 15517-02 for <linux-crypto@nl.linux.org>; Mon,
 10 Oct 2005 22:09:46 +0200 (CEST)
Received: from tatooine.rebelbase.local
 (pc-69-158.ram.rwth-aachen.de [137.226.69.158])
	by enterprise.ram.rwth-aachen.de (Postfix) with ESMTP id BAAFF5B77A	for
 <linux-crypto@nl.linux.org>; Mon, 10 Oct 2005 22:09:46 +0200 (CEST)
Received: from tatooine.rebelbase.local (localhost [127.0.0.1])
	by tatooine.rebelbase.local (Postfix) with ESMTP id 575A727C077	for
 <linux-crypto@nl.linux.org>; Mon, 10 Oct 2005 22:09:45 +0200 (CEST)
Received: (from chef@localhost)	by tatooine.rebelbase.local
 (8.13.1/8.12.10/Submit) id j9AK9jsX003085	for linux-crypto@nl.linux.org; Mon,
 10 Oct 2005 22:09:45 +0200
Date: Mon, 10 Oct 2005 22:09:44 +0200
From: markus reichelt <ml@bitfalle.org>
Subject: Re: Two keys for the same encrypted file
In-reply-to: <200510102125.29810.kintho@gmail.com>
To: linux-crypto@nl.linux.org
Mail-followup-to: linux-crypto@nl.linux.org
Message-id: <20051010200944.GA2357@dantooine>
Organization: still stuck in reorganization mode
MIME-version: 1.0
Content-type: multipart/signed; boundary=wac7ysb48OaltWcw;
 protocol="application/pgp-signature"; micalg=pgp-sha1
Content-disposition: inline
User-Agent: mutt-ng 1.5.9i (Linux)
X-PGP-Key: 0xC2A3FEE4
X-PGP-Fingerprint: FFB8 E22F D2BC 0488 3D56  F672 2CCC 933B C2A3 FEE4
X-Request-PGP: http://bitfalle.org/keys/c2a3fee4.asc
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at
 enterprise.ram.rwth-aachen.de
References: <200510091650.30091.kintho@gmail.com>
 <200510100035.05398.kintho@gmail.com>
 <434A9A45.FC980A5A@users.sourceforge.net> <200510102125.29810.kintho@gmail.com>
X-Authentication-warning: tatooine.rebelbase.local: chef set sender to
 ml@bitfalle.org using -f
Received-SPF: 
X-ecartis-version: Ecartis v1.0.0
Sender: linux-crypto-bounce@nl.linux.org
Errors-to: linux-crypto-bounce@nl.linux.org
X-original-sender: ml@bitfalle.org
Precedence: bulk
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
List-software: Ecartis version 1.0.0
List-Id: <linux-crypto.nl.linux.org>
X-List-ID: <linux-crypto.nl.linux.org>
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
X-list: linux-crypto


--wac7ysb48OaltWcw
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

* kinto <kintho@gmail.com> wrote:

> head -c 15 /dev/urandom | uuencode -m - | head -n 2 | tail -n 1 \

             ^^^^^^^^^^^^

> All this to increase the safety of data encryption?

Regarding the use of /dev/urandom in crypto operations, please have a
look at the thread at
http://marc.theaimsgroup.com/?l=gnupg-users&m=112873347315783&w=2 and
especially at the last paragraph of my message.

Don't forget to check your system's init scripts for the
initialization of /dev/urandom

-- 

--wac7ysb48OaltWcw
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFDSsqILMyTO8Kj/uQRAv5wAJ9kYFsBzoNUxGbL7KSUOnIQ1fyO1QCfQLJ2
MWcNqmZO79jR8TVQuYXa8kc=
=NHLw
-----END PGP SIGNATURE-----

--wac7ysb48OaltWcw--





From linux-crypto-bounce@nl.linux.org Tue Oct 11 13:31:35 2005
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1EPILz-0004SE-HD; Tue, 11 Oct 2005 13:31:31 +0200
Received: with ECARTIS (v1.0.0; list linux-crypto); Tue, 11 Oct 2005 13:30:39 +0200 (CEST)
Received: from qproxy.gmail.com ([72.14.204.206])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1EPIKv-0004Oj-3x
	for linux-crypto@nl.linux.org; Tue, 11 Oct 2005 13:30:25 +0200
Received: by qproxy.gmail.com with SMTP id p32so1373622qba
        for <linux-crypto@nl.linux.org>; Tue, 11 Oct 2005 04:29:20 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:from:to:subject:date:user-agent:references:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:message-id;
        b=nET7HiMkK0e3LnDB5KhxAezElNOUF8wBUlt8mrEG6Foc8oJ4NqUNnyEhxUnkPH2K3eVbjWkz1VbIlHMiX9pnMfBmyt7ySz9qjQEQ9CYmp8DC/hzARvzOvACOR2ytC26s2Q87OJyESOYidIX3svE8821TNBkwfF3nMPHNMhloH4A=
Received: by 10.65.53.10 with SMTP id f10mr3907335qbk;
        Tue, 11 Oct 2005 04:29:20 -0700 (PDT)
Received: from host28-82.pool8261.interbusiness.it ( [82.61.82.28])
        by mx.gmail.com with ESMTP id f12sm350946qba.2005.10.11.04.29.19;
        Tue, 11 Oct 2005 04:29:20 -0700 (PDT)
From: kinto <kintho@gmail.com>
To: linux-crypto@nl.linux.org
Subject: Re: Two keys for the same encrypted file
Date: Tue, 11 Oct 2005 14:26:14 +0200
User-Agent: KMail/1.8.2
References: <200510091650.30091.kintho@gmail.com> <200510102125.29810.kintho@gmail.com> <20051010200944.GA2357@dantooine>
In-Reply-To: <20051010200944.GA2357@dantooine>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Message-Id: <200510111426.14941.kintho@gmail.com>
Received-SPF: 
X-ecartis-version: Ecartis v1.0.0
Sender: linux-crypto-bounce@nl.linux.org
Errors-to: linux-crypto-bounce@nl.linux.org
X-original-sender: kintho@gmail.com
Precedence: bulk
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
List-software: Ecartis version 1.0.0
List-Id: <linux-crypto.nl.linux.org>
X-List-ID: <linux-crypto.nl.linux.org>
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
X-list: linux-crypto

At 22:09 on Monday 10 October 2005, markus reichelt wrote:
> Regarding the use of /dev/urandom in crypto operations, please have a
> look at the thread at
> http://marc.theaimsgroup.com/?l=gnupg-users&m=112873347315783&w=2 and
> especially at the last paragraph of my message.

I've read that message.
Interesting, but my question is about the concept, not specifically
urandom as a source of entropy.

> Don't forget to check your system's init scripts for the
> initialization of /dev/urandom


The Debian urandom script seems like the Slackware script. What is the
solution? Should we use /dev/random instead of /dev/urandom?




From linux-crypto-bounce@nl.linux.org Tue Oct 11 13:49:18 2005
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1EPIdA-0005bQ-A1; Tue, 11 Oct 2005 13:49:16 +0200
Received: with ECARTIS (v1.0.0; list linux-crypto); Tue, 11 Oct 2005 13:48:40 +0200 (CEST)
Received: from altf4.org ([213.203.244.94] ident=postfix)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1EPIcR-0005aw-Pa
	for linux-crypto@nl.linux.org; Tue, 11 Oct 2005 13:48:31 +0200
Received: from newt.tube.local (i577B07EC.versanet.de [87.123.7.236])
	by altf4.org (Postfix) with ESMTP id DBCD31E038;
	Tue, 11 Oct 2005 13:48:27 +0200 (CEST)
Received: by newt.tube.local (Postfix, from userid 242)
	id 1BDB5180159F; Tue, 11 Oct 2005 13:48:27 +0200 (CEST)
Date: Tue, 11 Oct 2005 13:48:27 +0200
From: Tobias Walkowiak <tw@tobias-walkowiak.de>
To: kinto <kintho@gmail.com>
Cc: linux-crypto@nl.linux.org
Subject: Re: Re: Two keys for the same encrypted file
Message-ID: <20051011114827.GA19897@count0.net>
Reply-To: tw@tobias-walkowiak.de
References: <200510091650.30091.kintho@gmail.com> <200510102125.29810.kintho@gmail.com> <20051010200944.GA2357@dantooine> <200510111426.14941.kintho@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200510111426.14941.kintho@gmail.com>
User-Agent: Mutt/1.5.11
Received-SPF: 
X-ecartis-version: Ecartis v1.0.0
Sender: linux-crypto-bounce@nl.linux.org
Errors-to: linux-crypto-bounce@nl.linux.org
X-original-sender: tw@tobias-walkowiak.de
Precedence: bulk
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
List-software: Ecartis version 1.0.0
List-Id: <linux-crypto.nl.linux.org>
X-List-ID: <linux-crypto.nl.linux.org>
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
X-list: linux-crypto

On Tue, Oct 11, 2005 at 02:26:14PM +0200, kinto wrote:
> 
> The Debian urandom script seems like the Slackware script. What is the
> solution? Should we use /dev/random instead of /dev/urandom?

in case you have sufficient entropy - yes ;)
-- 
[id]			tw@tobias-walkowiak.de
[net place]		www.tobias-walkowiak.de
[gpg fingerprint]	02D4 BEF0 988A 7E32 8A16  A244 B2B6 0C2E 25B2 0A1E
[message]		><> Jesus loves you <><




From linux-crypto-bounce@nl.linux.org Tue Oct 11 16:27:49 2005
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1EPKvm-0008Dl-Vk; Tue, 11 Oct 2005 16:16:39 +0200
Received: with ECARTIS (v1.0.0; list linux-crypto); Tue, 11 Oct 2005 16:16:10 +0200 (CEST)
Received: from mail.tnnet.fi ([217.112.240.26])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1EPKuv-0008Bb-5a
	for linux-crypto@nl.linux.org; Tue, 11 Oct 2005 16:15:45 +0200
Received: from localhost (localhost [127.0.0.1])
	by mail.tnnet.fi (Postfix) with ESMTP id E08AE334B72;
	Tue, 11 Oct 2005 17:15:41 +0300 (EEST)
Received: from mail.tnnet.fi ([127.0.0.1])
 by localhost (mail [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
 id 08148-02; Tue, 11 Oct 2005 17:15:33 +0300 (EEST)
Received: from a64.adsl.tnnet.fi (a64.adsl.tnnet.fi [217.112.242.64])
	by mail.tnnet.fi (Postfix) with ESMTP id 8906C334B94;
	Tue, 11 Oct 2005 17:14:44 +0300 (EEST)
Received: from users.sourceforge.net (localhost [127.0.0.1])
	by a64.adsl.tnnet.fi (Postfix) with ESMTP id D451267CCF;
	Tue, 11 Oct 2005 17:14:43 +0300 (EEST)
Message-ID: <434BC8D3.E581BE2D@users.sourceforge.net>
Date: Tue, 11 Oct 2005 17:14:43 +0300
From: Jari Ruusu <jariruusu@users.sourceforge.net>
To: kinto <kintho@gmail.com>
Cc: linux-crypto@nl.linux.org
Subject: Re: Two keys for the same encrypted file
References: <200510091650.30091.kintho@gmail.com> <200510100035.05398.kintho@gmail.com> <434A9A45.FC980A5A@users.sourceforge.net> <200510102125.29810.kintho@gmail.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: amavisd-new at mail.tnnet.fi
Received-SPF: 
X-Spam-Level: 
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on 
	humbolt.nl.linux.org
X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00 autolearn=no 
	version=3.0.1
X-ecartis-version: Ecartis v1.0.0
Sender: linux-crypto-bounce@nl.linux.org
Errors-to: linux-crypto-bounce@nl.linux.org
X-original-sender: jariruusu@users.sourceforge.net
Precedence: bulk
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
List-software: Ecartis version 1.0.0
List-Id: <linux-crypto.nl.linux.org>
X-List-ID: <linux-crypto.nl.linux.org>
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
X-list: linux-crypto

kinto wrote:
> If you want, can you explain this procedure to me (from loopAES.README -
> Example 2):
> 
> head -c 15 /dev/urandom | uuencode -m - | head -n 2 | tail -n 1 \
>         | losetup -p 0 -e AES128 /dev/loop3 /dev/hda666
>     dd if=/dev/zero of=/dev/loop3 bs=4k conv=notrunc 2>/dev/null
> 
> The first encrypts the block device /dev/hda666 using a random passphrase;
> then the second fills the whole partition with zeros. Is that right?
> Is the scope to create a "base" on which to write the encrypted data?
> All this to increase the safety of data encryption?

That example pulls a low quality random passphrase from /dev/urandom, and
then fills the partition with encrypted zeroes. Then the encrypted loop is
set up again using your real high quality keys, and an encrypted file system
is created there.

The intent is to fill unused space with random looking junk so that an
adversary can't detect what parts of the filesystem have been written.

-- 
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD
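
Added example, not part of Jari Ruusu's message or of the loop-AES README: a simulation of the prefill he describes, showing what a reader of the raw disk can tell with and without it. The sector cipher is a SHA-256 keystream stand-in rather than AES, and all function names and sample data are constructed for this illustration.

```python
import base64
import hashlib
import math
import os
from collections import Counter

SECTOR = 512  # bytes per simulated sector


def throwaway_passphrase(raw=None):
    """Same shape as `head -c 15 /dev/urandom | uuencode -m -`:
    15 random bytes, base64-encoded to 20 characters."""
    raw = os.urandom(15) if raw is None else raw
    return base64.b64encode(raw).decode("ascii")


def toy_encrypt(key, sector_no, data):
    """Stand-in cipher (an assumption of this example, not AES):
    XOR with a SHA-256 keystream derived from key and sector number."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(
            key + sector_no.to_bytes(8, "big") + counter.to_bytes(4, "big")
        ).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))


def new_device(n_sectors, passphrase=None):
    """Simulated partition. Without a passphrase it stays zero-filled;
    with one, every sector holds encrypted zeroes (the dd step)."""
    zeros = bytes(SECTOR)
    if passphrase is None:
        return [zeros] * n_sectors
    key = hashlib.sha256(passphrase.encode("ascii")).digest()
    return [toy_encrypt(key, i, zeros) for i in range(n_sectors)]


def write_sectors(device, real_key, used):
    """Second setup: the real key encrypts data into a few sectors."""
    for i in used:
        plaintext = (b"constructed file data %d " % i) * 32
        device[i] = toy_encrypt(real_key, i, plaintext[:SECTOR])


def byte_entropy(sector):
    """Shannon entropy of the sector's byte histogram, in bits per byte."""
    n = len(sector)
    return -sum(c / n * math.log2(c / n) for c in Counter(sector).values())


def apparently_written(device, threshold=7.0):
    """Sectors that look like ciphertext to someone reading the raw disk."""
    return [i for i, s in enumerate(device) if byte_entropy(s) > threshold]


def compare(n_sectors, used):
    """Return what the raw disk reveals without and with the prefill."""
    real_key = hashlib.sha256(b"constructed real key").digest()
    bare = new_device(n_sectors)
    write_sectors(bare, real_key, used)
    filled = new_device(n_sectors, throwaway_passphrase())
    write_sectors(filled, real_key, used)
    return apparently_written(bare), apparently_written(filled)


if __name__ == "__main__":
    without_fill, with_fill = compare(64, [3, 17, 40])
    print("zero-filled disk reveals sectors:", without_fill)
    print("prefilled disk flags", len(with_fill), "of 64 sectors")
```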




From linux-crypto-bounce@nl.linux.org Wed Oct 12 17:57:49 2005
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1EPizC-0003nj-BC; Wed, 12 Oct 2005 17:57:46 +0200
Received: with ECARTIS (v1.0.0; list linux-crypto); Wed, 12 Oct 2005 17:56:57 +0200 (CEST)
Received: from ms-2.rz.rwth-aachen.de ([134.130.3.131] helo=ms-dienst.rz.rwth-aachen.de)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1EPiy6-0003mX-HX
	for linux-crypto@nl.linux.org; Wed, 12 Oct 2005 17:56:38 +0200
Received: from r220-1 (r220-1.rz.RWTH-Aachen.DE [134.130.3.31])
 by ms-dienst.rz.rwth-aachen.de
 (iPlanet Messaging Server 5.2 Patch 2 (built Jul 14 2004))
 with ESMTP id <0IO9006GB8A025@ms-dienst.rz.rwth-aachen.de> for
 linux-crypto@nl.linux.org; Wed, 12 Oct 2005 17:56:24 +0200 (MEST)
Received: from relay.rwth-aachen.de ([134.130.3.1])
	by r220-1 (MailMonitor for SMTP v1.2.2 ) ; Wed,
 12 Oct 2005 17:56:23 +0200 (MEST)
Received: from enterprise.ram.rwth-aachen.de
 (enterprise.ram.RWTH-Aachen.DE [137.226.68.2])
	by relay.rwth-aachen.de (8.13.3/8.13.3/1) with ESMTP id j9CFuN7s025700	for
 <linux-crypto@nl.linux.org>; Wed, 12 Oct 2005 17:56:23 +0200 (MEST)
Received: from localhost (localhost [127.0.0.1])
	by enterprise.ram.rwth-aachen.de (Postfix) with ESMTP id 5F46E5B7D5	for
 <linux-crypto@nl.linux.org>; Wed, 12 Oct 2005 17:56:23 +0200 (CEST)
Received: from enterprise.ram.rwth-aachen.de ([127.0.0.1])
	by localhost (enterprise [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 26848-02 for <linux-crypto@nl.linux.org>; Wed,
 12 Oct 2005 17:56:22 +0200 (CEST)
Received: from tatooine.rebelbase.local
 (pc-69-158.ram.rwth-aachen.de [137.226.69.158])
	by enterprise.ram.rwth-aachen.de (Postfix) with ESMTP id CFDEF5B77A	for
 <linux-crypto@nl.linux.org>; Wed, 12 Oct 2005 17:56:22 +0200 (CEST)
Received: from tatooine.rebelbase.local (localhost [127.0.0.1])
	by tatooine.rebelbase.local (Postfix) with ESMTP id 05A1427C077	for
 <linux-crypto@nl.linux.org>; Wed, 12 Oct 2005 17:56:22 +0200 (CEST)
Received: (from chef@localhost)	by tatooine.rebelbase.local
 (8.13.1/8.12.10/Submit) id j9CFuLFe003779	for linux-crypto@nl.linux.org; Wed,
 12 Oct 2005 17:56:21 +0200
Date: Wed, 12 Oct 2005 17:56:21 +0200
From: markus reichelt <ml@bitfalle.org>
Subject: Re: Two keys for the same encrypted file
In-reply-to: <200510111426.14941.kintho@gmail.com>
To: linux-crypto@nl.linux.org
Mail-followup-to: linux-crypto@nl.linux.org
Message-id: <20051012155621.GC2050@dantooine>
Organization: still stuck in reorganization mode
MIME-version: 1.0
Content-type: multipart/signed; boundary=Clx92ZfkiYIKRjnr;
 protocol="application/pgp-signature"; micalg=pgp-sha1
Content-disposition: inline
User-Agent: mutt-ng 1.5.9i (Linux)
X-PGP-Key: 0xC2A3FEE4
X-PGP-Fingerprint: FFB8 E22F D2BC 0488 3D56  F672 2CCC 933B C2A3 FEE4
X-Request-PGP: http://bitfalle.org/keys/c2a3fee4.asc
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at
 enterprise.ram.rwth-aachen.de
References: <200510091650.30091.kintho@gmail.com>
 <200510102125.29810.kintho@gmail.com> <20051010200944.GA2357@dantooine>
 <200510111426.14941.kintho@gmail.com>
X-Authentication-warning: tatooine.rebelbase.local: chef set sender to
 ml@bitfalle.org using -f
Received-SPF: 
X-ecartis-version: Ecartis v1.0.0
Sender: linux-crypto-bounce@nl.linux.org
Errors-to: linux-crypto-bounce@nl.linux.org
X-original-sender: ml@bitfalle.org
Precedence: bulk
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
List-software: Ecartis version 1.0.0
List-Id: <linux-crypto.nl.linux.org>
X-List-ID: <linux-crypto.nl.linux.org>
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
X-list: linux-crypto


--Clx92ZfkiYIKRjnr
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

* kinto <kintho@gmail.com> wrote:

> At 22:09 on Monday 10 October 2005, markus reichelt wrote:
> > Regarding the use of /dev/urandom in crypto operations, please
> > have a look at the thread at
> > http://marc.theaimsgroup.com/?l=gnupg-users&m=112873347315783&w=2
> > and especially at the last paragraph of my message.
>
> I've read that message.
> Interesting, but my question is about the concept, not specifically
> urandom as a source of entropy.

Regarding /dev/urandom as a source of entropy, the way it is set up in
most Linux distributions is a good joke :-) That's all I wanted to
point out. However, if it's used to wipe a HDD, fine with me cos that
has not much to do with crypto stuff. And Jari basically agreed, IIRC.


> > Don't forget to check your system's init scripts for the
> > initialization of /dev/urandom
> The Debian urandom script seems like the Slackware script. What is the
> solution? Should we use /dev/random instead of /dev/urandom?

Like Tobias already said, it depends on how /dev/random is set up, if
it is at all. On some systems there's even /dev/hwrandom, which I
would prefer were it present on all my systems. I believe some VIA
systems have that ability; I operate a Nehemiah System on a patched
2.6.7 kernel which only has /dev/urandom /dev/random & /hwtrap
(whatever that's for). What this boils down to is crypto scripts -
one has to be aware of obvious snares. If one writes his own init
routines & scripts or continues using distro stuff is totally up to
the user.

If you initialize /dev/urandom yourself by making sure that the same
data is not reused again in crypto ops it's ok. Same applies to
/dev/random, which should be ok to use. If I need some pseudo-random
data I generate it on the spot.

To clarify things regarding loop-aes: It's ok to re-use pseudo-random
data to wipe some HDD. It's a totally different issue to re-use
pseudo-random data to do real encryption stuff; one shall not use the
very same gpg-key to encrypt more than one partition, either. Simply
put: If in doubt, just create one more chunk of pseudo-random data;
this never is a bad idea, and it doesn't hurt to have used an
additional gpg-key if it comes to system compromise.

-- 

--Clx92ZfkiYIKRjnr
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFDTTIlLMyTO8Kj/uQRAji+AJ9ZxCQ5//uerm+cS5yACWsC7vz5VwCgjHGa
ECFW5EMQV+IOVSuarxjOo1o=
=1wyY
-----END PGP SIGNATURE-----

--Clx92ZfkiYIKRjnr--





From linux-crypto-bounce@nl.linux.org Thu Oct 13 00:04:31 2005
From: kinto <kintho@gmail.com>
To: linux-crypto@nl.linux.org
Subject: Re: Two keys for the same encrypted file
Date: Wed, 12 Oct 2005 16:18:33 +0200
User-Agent: KMail/1.8.2
References: <200510091650.30091.kintho@gmail.com> <200510102125.29810.kintho@gmail.com> <434BC8D3.E581BE2D@users.sourceforge.net>
In-Reply-To: <434BC8D3.E581BE2D@users.sourceforge.net>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Message-Id: <200510121618.33734.kintho@gmail.com>

At 16:14 on Tuesday 11 October 2005, Jari Ruusu wrote:
> Intent is to fill unused space with random looking junk so that
> adversary can't detect what parts of the filesystem have been
> written.

Thanks for the explanation.



At 13:48 on Tuesday 11 October 2005, Tobias Walkowiak wrote:
> in case you have