From linux-crypto-bounce@nl.linux.org Fri Sep 01 12:35:54 2006 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1GJ6NC-0004nq-TM; Fri, 01 Sep 2006 12:35:42 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Fri, 01 Sep 2006 12:34:59 +0200 (CEST) Received: from web54003.mail.yahoo.com ([206.190.36.227]) by humbolt.nl.linux.org with smtp (Exim 4.22) id 1GJ6Ls-0004kT-Ig for linux-crypto@nl.linux.org; Fri, 01 Sep 2006 12:34:20 +0200 Received: (qmail 71492 invoked by uid 60001); 1 Sep 2006 10:26:59 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=JNRXsCPndAV/0O+CrnP/cuSc22OJHKETWQhE4OdmmkxVJVCmFLUZiM9SIIApYNIj7tCx+348O3d6i7yN1dX4xaLEeGoGoYzBuM2zq2okKln2jwVsc/0zClCvxYV7NVE1twtrdgjLLAX3X0Eoe7m8EzcQtJaDRyt0Q5Fskylddf8= ; Message-ID: <20060901102659.71490.qmail@web54003.mail.yahoo.com> Received: from [194.219.186.152] by web54003.mail.yahoo.com via HTTP; Fri, 01 Sep 2006 03:26:59 PDT Date: Fri, 1 Sep 2006 03:26:59 -0700 (PDT) From: Phil H Subject: Using particular gcc version to compile loop.o To: linux-crypto@nl.linux.org MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="0-597155410-1157106419=:70804" Content-Transfer-Encoding: 8bit Received-SPF: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: philtickle200@yahoo.com Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto --0-597155410-1157106419=:70804 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit How do I tell make to use a particular gcc version on my machine (to match the one my running kernle was compiled with)? I don't think there is a CC=gcc-x.xx line in the makefile. Do I just set a CC environment variable? --------------------------------- How low will we go? Check out Yahoo! Messenger’s low PC-to-Phone call rates. --0-597155410-1157106419=:70804 Content-Type: text/html; charset=iso-8859-1 Content-Transfer-Encoding: 8bit How do I tell make to use a particular gcc version on my machine (to match the one my running kernle was compiled with)?

I don't think there is a CC=gcc-x.xx line in the makefile.  Do I just set a CC environment variable?

How low will we go? Check out Yahoo! Messenger’s low PC-to-Phone call rates. --0-597155410-1157106419=:70804-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Sep 01 16:27:43 2006 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1GJ9zd-0007yK-NF; Fri, 01 Sep 2006 16:27:37 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Fri, 01 Sep 2006 16:27:11 +0200 (CEST) Received: from mail.tnnet.fi ([217.112.240.26]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1GJ9yp-0007wq-Rf for linux-crypto@nl.linux.org; Fri, 01 Sep 2006 16:26:47 +0200 Received: from localhost (localhost [127.0.0.1]) by mail.tnnet.fi (Postfix) with ESMTP id 03DE23EC2D6; Fri, 1 Sep 2006 17:26:43 +0300 (EEST) Received: from mail.tnnet.fi ([127.0.0.1]) by localhost (mail [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 16867-10; Fri, 1 Sep 2006 17:26:41 +0300 (EEST) Received: from a64.adsl.tnnet.fi (a64.adsl.tnnet.fi [217.112.242.64]) by mail.tnnet.fi (Postfix) with ESMTP id EF3963EEBDA; Fri, 1 Sep 2006 17:26:40 +0300 (EEST) Message-ID: <44F8431F.118CAA7B@users.sourceforge.net> Date: Fri, 01 Sep 2006 17:26:39 +0300 From: Jari Ruusu To: Phil H Cc: linux-crypto@nl.linux.org Subject: Re: Using particular gcc version to compile loop.o References: <20060901102659.71490.qmail@web54003.mail.yahoo.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: amavisd-new at mail.tnnet.fi Received-SPF: X-Spam-Level: X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00 autolearn=no version=3.0.1 X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jariruusu@users.sourceforge.net Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Phil H wrote: > How do I tell make to use a particular gcc version on my machine (to match > the one my running kernle was compiled with)? > > I don't think there is a CC=gcc-x.xx line in the makefile. Do I just set a > CC environment variable? If you set CC=gcc-x.xx in your kernel Makefile, then it will be used automatically. If you (or some build script) passed it as command line parameter to your kernel build make command, then you need to add that same CC=gcc-x.xx command line parameter to loop-AES build make command as well. Additional ciphers package make command needs it too. Example: make LINUX_SOURCE=/usr/src/linux-foo KEYSCRUB=y CC=gcc-3.3 -- Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Sep 01 18:47:39 2006 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1GJCB3-0001mQ-Kv; Fri, 01 Sep 2006 18:47:33 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Fri, 01 Sep 2006 18:47:12 +0200 (CEST) Received: from sunu.rnc.ro ([193.230.31.220]) by humbolt.nl.linux.org with smtp (Exim 4.22) id 1GJCAQ-0001kx-BY for linux-crypto@nl.linux.org; Fri, 01 Sep 2006 18:46:54 +0200 Received: (qmail 8344 invoked by uid 3553); 1 Sep 2006 16:41:34 -0000 Date: 1 Sep 2006 16:41:34 -0000 Message-ID: <20060901164134.8343.qmail@sunu.rnc.ro> To: linux-crypto@nl.linux.org From: "cristih" Subject: This is an autoreply...[Re: Returned mail: Data format error] Precedence: junk Received-SPF: X-Spam-Status: No, score=0.0 required=5.0 tests=BAYES_50 autolearn=no version=3.0.1 X-Spam-Level: X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: cristih@rnc.ro Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Hello, This email address is no longer available. If you want to contact me please use my new email cristih_ro from yahoo.com. -- Kind Regards, cristih -- Powered by ROTLD (http://www.rotld.ro) - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Thu Sep 07 08:40:09 2006 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1GLDYQ-0003vk-5M; Thu, 07 Sep 2006 08:40:02 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Thu, 07 Sep 2006 08:39:20 +0200 (CEST) Received: from shawmail.shawcable.com ([64.59.128.220] helo=bpd2mo1no.prod.shawcable.com) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1GLDXX-0003tw-3L for linux-crypto@nl.linux.org; Thu, 07 Sep 2006 08:39:07 +0200 Received: from bpd2ms2no.prod.shawcable.com (bpd2ms2no-qfe2.prod.shawcable.com [10.0.185.131]) by bpd2mo1no.prod.shawcable.com (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004)) with ESMTP id <0J5700LE9MG7DR30@bpd2mo1no.prod.shawcable.com> for linux-crypto@nl.linux.org; Thu, 07 Sep 2006 00:38:31 -0600 (MDT) Received: from autoreply-daemon.l-daemon by l-daemon (iPlanet Messaging Server 5.2 HotFix 1.18 (built Jul 28 2003)) id <0J5700B02MG7V8@l-daemon> for linux-crypto@nl.linux.org; Thu, 07 Sep 2006 00:38:31 -0600 (MDT) Date: Thu, 07 Sep 2006 00:38:31 -0600 (MDT) From: webmaster@elfordconsulting.com Subject: RE: Document In-reply-to: <0J57004UJMFZE680@bpd2mi4no.prod.shawcable.com> To: linux-crypto@nl.linux.org Message-id: <0J5700B03MG7V8@l-daemon> Content-type: text/plain; charset=iso-8859-1 Received-SPF: X-Spam-Level: X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-Spam-Status: No, score=0.0 required=5.0 tests=BAYES_50,NO_REAL_NAME autolearn=no version=3.0.1 X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: webmaster@elfordconsulting.com Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Your e-mail has been successfully received. Please note that the new e-mail address for Vladimir Mikenine will be - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Thu Sep 14 06:23:20 2006 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1GNikm-0004Ml-Fm; Thu, 14 Sep 2006 06:23:08 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Thu, 14 Sep 2006 06:22:21 +0200 (CEST) Received: from vsmtp14.tin.it ([212.216.176.118]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1GNifj-0003i0-6p for linux-crypto@nl.linux.org; Thu, 14 Sep 2006 06:17:55 +0200 Received: from pswm16.cp.tin.it (192.168.70.64) by vsmtp14.tin.it (7.2.072.1) id 45056F47000CD081; Thu, 14 Sep 2006 06:15:34 +0200 Message-ID: <10daa89673a.jansemail@virgilio.it> Date: Thu, 14 Sep 2006 05:15:34 +0100 (GMT+01:00) From: "U.C IGWE" Reply-To: mertcorp@netscape.net Subject: Email from U.C Mime-Version: 1.0 Content-Type: text/plain;charset="UTF-8" Content-Transfer-Encoding: 7bit X-Originating-IP: 62.56.140.71 Bcc: Received-SPF: X-Spam-Level: * X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-Spam-Status: No, score=1.7 required=5.0 tests=BAYES_60,MISSING_HEADERS, RCVD_IN_BL_SPAMCOP_NET autolearn=no version=3.0.1 X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jansemail@virgilio.it Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Hello My name is U.C IGWE I am very happy to get to you. Ireside in Portharcourt Nigeria Hope you'll get the email. I really want to get into a serious relationship. We can get to know each other?. I do not have any private picture profile. However I can send some nice pics. I work with the Arik Air as a ticketing salelady. I am single. I really want to hear from you. I want you to be serious about this email and I need long term relationship. Your response will determine how far we can go. Mum works with the external affairs ministry at Abuja . She's a nice woman. Dad is works with construction firm over here. Life has been good,Though I want to get more experince and contribute my bit. I do not want to write more. You can call me now or anytime on 234-80- 36743028 Add me yahoo messenger with universalconsule1997 You can call me tomorrow afternoon I want you to respond and let's get to know each other. Take care Best Regards - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Thu Sep 14 12:44:37 2006 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1GNohn-0002Vn-Cz; Thu, 14 Sep 2006 12:44:27 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Thu, 14 Sep 2006 12:43:23 +0200 (CEST) Received: from tapuz.safe-mail.net ([213.8.161.230]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1GNogI-0002N0-4D for linux-crypto@nl.linux.org; Thu, 14 Sep 2006 12:42:54 +0200 Received: from www.Safe-mail.net by tapuz.safe-mail.net with Safe-mail (Exim 4.52) id 1GNnT1-0005xp-7r for linux-crypto@nl.linux.org; Thu, 14 Sep 2006 05:25:07 -0400 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=N1-0105; d=Safe-mail.net; b=Or7oAg/48qq+aSG9ybEjV2KnG+mGTxhG9beOAFikNgWiTTsD9XcxtekhYKWq3q92 NfW54nASl0HHN2xu+VqBCRzHIVShWNUq14ksCgQzA5UNt2SQRQ2/CbyngmyuSRp3 gcthRPlfSAd7pq2Vqp47vCxNbLF5C8TmBC/un8xRf+I=; Received: from pc ([84.130.74.96]) by Safe-mail.net with https Subject: firefox is up/downloading something unauthorized-- logfiles non-proxy-use Date: Thu, 14 Sep 2006 11:25:06 +0200 From: reverend@Safe-mail.net To: linux-crypto@nl.linux.org X-SMType: Regular X-SMRef: N1-LbMO3Ds4sS Message-Id: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-SMSignature: w6scktfEOwKFmgOWW8rEDjo21lJSKplUaDwfvlWKXff5wGrNkKMY5TIbEaW/Lg+0 oANrp0FCs8faOTbfcretX7QmPFNBfmVWeyg8Y4RwZrYvajbYOOurB2lqxklc15+b Zy4/1A+YtFOUIo534X8UW4kYTqgR0s2w1pZ/bL/HsBg= Received-SPF: X-Spam-Status: No, score=-0.8 required=5.0 tests=AWL,BAYES_50,NO_REAL_NAME autolearn=no version=3.0.1 X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-Spam-Level: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: reverend@Safe-mail.net Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Yes, I know that this forum is about crypto-stuff, but those who are using strong encryption should be very careful about what is happening when their data is clear.- Situation: My (new) router needs javascript and preferes Mozilla, so I installed firefox with bad feelings. Privoxy-proxy was disabled in firefox and it was used only for that crappy router. All configurable settings EXPLICITLY DISALLOW any updating (ask what to do, instead) and, of course, the startpage was that from the router, not from mozilla. When fighting with shitty-xine, suddenly and without any question, firefox fetched or transfered something to or from the internet and a short message said something from "upgrading". Because the local-proxy was disabled for the local router, no log was used. This is especially suspicious, because I just made all updates for my subdistri short ago. I am deinstalling firefox now, as I can make a router-workaround in konqueror. Another warning about user-agent-transmitting in Netscape clones: I realized years ago in netscape 4.7-or-so, that deleting the user-agent-string somewhere in netscape really forbid the transmission of the user-agent in normal-use, but when a ssl-request is initiated from the webside another user-agent from another netscape-program-location is transmitting the user-agent-string ! After searching and deleting that second user-agent-string with hexedit, that rat-hole was filled; this still maybe the case today. How did I checked the transmission of user-agent-string via ssl ? I made an email-account at safe-mail.net and looked in the log-area of my own last-login. Ideas of making a logfile for, at least, all that is send via what-ever-protocol towards the internet ???? Even debian is not free of shitware...... stay aware, stay awake, stay alive, Reverend - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Sep 15 10:39:14 2006 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1GO9E0-0003dU-Hd; Fri, 15 Sep 2006 10:39:04 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Fri, 15 Sep 2006 10:37:52 +0200 (CEST) Received: from pcwi4002.uni-muenster.de ([128.176.159.107]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1GO9CO-0003ZM-4m for linux-crypto@nl.linux.org; Fri, 15 Sep 2006 10:37:24 +0200 Received: by pcwi4002.uni-muenster.de (Postfix, from userid 1000) id 6F27040636; Fri, 15 Sep 2006 10:37:22 +0200 (CEST) From: Jens Lechtenboerger To: linux-crypto@nl.linux.org Subject: Disk encryption best practices? Date: Fri, 15 Sep 2006 10:37:22 +0200 Message-ID: <8764fp4jb1.fsf@pcwi4002.uni-muenster.de> User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/21.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Received-SPF: X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-Spam-Status: No, score=0.0 required=5.0 tests=BAYES_50 autolearn=no version=3.0.1 X-Spam-Level: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: lechten@wi.uni-muenster.de Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Hi there, I'm about to encrypt my disk with loop-aes, and I'm wondering whether this is a clever move: 1. The introduction (in German) at http://wiki.chaostreff.ch/index.php/Festplattenverschl%C3%BCsselung recommends not to use AES but to prefer Twofish. In addition, GnuPG uses CAST5 as default for symmetric encryption. What is the state-of-the-art here? 2. The text at http://mareichelt.de/pub/texts.cryptoloop.php warns against mainline cryptoloop: "Both cryptoloop and dm-crypt in kernels prior to 2.6.10 are vulnerable, and even recent dm-crypt still suffers from a weak crypto implementation." What is weak here? 3. The German Linux-Magazin 10/06 (http://www.linux-magazin.de) features an article by Peter Gutmann and Christian Ney, where they analyze different types of crypto filesystems. They recommend Truecrypt, dm-crypt is second, and they essentially warn against loop-aes: They state that the code is complex and written in such a way that it is difficult to judge whether it does what it is supposed to do. In addition, return values are never checked (e.g., when computing encryption keys), which might lead to a key consisting of just zeros. However, the code is so sloppy that programs are more likely to crash with null-pointer dereferences than to use empty keys. Besides, they complain that by default passwords are not salted and password hash iterations are not used. The part about code quality sounds scary. Opinions? Concerning salting and iterations, for my root partition, I just have to uncomment to lines in build-initrd.sh, right? Concerning Example 2 in the loop-aes README (partition backed loop with gpg encrypted keys), I get salting and iterations with the gpg patch provided with loop-aes, right? I'm curious... Jens - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Sep 15 12:30:00 2006 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1GOAxH-0002tX-52; Fri, 15 Sep 2006 12:29:55 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Fri, 15 Sep 2006 12:29:32 +0200 (CEST) Received: from ns1.nimr.mrc.ac.uk ([194.80.106.135]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1GOAwT-0002is-HB for linux-crypto@nl.linux.org; Fri, 15 Sep 2006 12:29:05 +0200 Received: ESMTP id k8FAKU616198; Fri, 15 Sep 2006 11:20:30 +0100 (BST) Received: from [192.168.70.2] (unknown [192.168.2.1]) by uist.mathbio.nimr (Postfix) with ESMTP id F197E79704; Fri, 15 Sep 2006 11:20:29 +0100 (BST) Message-ID: <450A7FFF.4060200@cbu.uib.no> Date: Fri, 15 Sep 2006 11:27:11 +0100 From: =?ISO-8859-1?Q?Gisle_S=E6lensminde?= User-Agent: Mozilla Thunderbird 1.0.7 (Macintosh/20050923) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Jens Lechtenboerger Cc: linux-crypto@nl.linux.org Subject: Re: Disk encryption best practices? References: <8764fp4jb1.fsf@pcwi4002.uni-muenster.de> In-Reply-To: <8764fp4jb1.fsf@pcwi4002.uni-muenster.de> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-NIMR1-MailScanner: Found to be clean X-NIMR-MailScanner-From: gisle@cbu.uib.no Received-SPF: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: gisle@cbu.uib.no Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Jens Lechtenboerger wrote: >Hi there, > >I'm about to encrypt my disk with loop-aes, and I'm wondering >whether this is a clever move: > >1. The introduction (in German) at > http://wiki.chaostreff.ch/index.php/Festplattenverschl%C3%BCsselung > recommends not to use AES but to prefer Twofish. > In addition, GnuPG uses CAST5 as default for symmetric > encryption. > > What is the state-of-the-art here? > > > AES has no known weaknesses, is quite fast, and is the most analyzed of those algorithms, so most cryprographers would recommend AES. Twofish was one of the five final algorithms in the AES competition, and is quite well analyzed as well, but less than AES (or Rijndael, as it was known as during the competition). Twofish has gained some popularity in the open source circles, and can as well be used instead of AES, but there is no reason to recomend it over AES/Rijndael. CAST5 was also a candidate for AES, but did not make it to the final, and is thus less well analyzed than the other. That is not saying that it is broken in any way, but I would prefere AES or Twofish. >2. The text at http://mareichelt.de/pub/texts.cryptoloop.php > warns against mainline cryptoloop: > "Both cryptoloop and dm-crypt in kernels prior to 2.6.10 are > vulnerable, and even recent dm-crypt still suffers from a weak > crypto implementation." > > What is weak here? > > > A weak IV scheme made it possible for an attacker with access to the raw storage to see which bytes of a block that was the first modified, but not see what the change was. Newer loop-aes implementations has fixed this problem. - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Sep 15 13:07:21 2006 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1GOBW6-0003PA-SX; Fri, 15 Sep 2006 13:05:54 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Fri, 15 Sep 2006 13:05:39 +0200 (CEST) Received: from mail.tnnet.fi ([217.112.240.26]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1GOBUV-0000nE-N6 for linux-crypto@nl.linux.org; Fri, 15 Sep 2006 13:04:15 +0200 Received: from localhost (localhost [127.0.0.1]) by mail.tnnet.fi (Postfix) with ESMTP id 494293EDAA3; Fri, 15 Sep 2006 13:32:06 +0300 (EEST) X-Virus-Scanned: amavisd-new at tnnet.fi Received: from mail.tnnet.fi ([127.0.0.1]) by localhost (mail.tnnet.fi [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nvqJCfj6WDzD; Fri, 15 Sep 2006 13:32:00 +0300 (EEST) Received: from a64.adsl.tnnet.fi (a64.adsl.tnnet.fi [217.112.242.64]) by mail.tnnet.fi (Postfix) with ESMTP id 746D63EE97A; Fri, 15 Sep 2006 13:32:00 +0300 (EEST) Message-ID: <450A811F.11CEFF9C@users.sourceforge.net> Date: Fri, 15 Sep 2006 13:31:59 +0300 From: Jari Ruusu To: Jens Lechtenboerger Cc: linux-crypto@nl.linux.org Subject: Re: Disk encryption best practices? References: <8764fp4jb1.fsf@pcwi4002.uni-muenster.de> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Received-SPF: X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00 autolearn=no version=3.0.1 X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-Spam-Level: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jariruusu@users.sourceforge.net Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Jens Lechtenboerger wrote: > 1. The introduction (in German) at > http://wiki.chaostreff.ch/index.php/Festplattenverschl%C3%BCsselung > recommends not to use AES but to prefer Twofish. > In addition, GnuPG uses CAST5 as default for symmetric > encryption. > > What is the state-of-the-art here? Both AES and twofish are good. AES is little bit faster. > 2. The text at http://mareichelt.de/pub/texts.cryptoloop.php > warns against mainline cryptoloop: > "Both cryptoloop and dm-crypt in kernels prior to 2.6.10 are > vulnerable, and even recent dm-crypt still suffers from a weak > crypto implementation." > > What is weak here? http://marc.theaimsgroup.com/?l=linux-kernel&m=107719798631935&w=2 Above mentioned IV computation weakness is fixed in newer dm-crypt versions, but the IV is still non-changing (for same sector number), which leaks location of changed data in some unusual situations. In normal use that is not a big problem. > 3. The German Linux-Magazin 10/06 (http://www.linux-magazin.de) > features an article by Peter Gutmann and Christian Ney, where > they analyze different types of crypto filesystems. They > recommend Truecrypt, dm-crypt is second, and they essentially > warn against loop-aes: I tried to look for that Linux-Magazin article, but I didn't find it on-line. Do you have a URL for it? > They state that the code is complex and written in such a way > that it is difficult to judge whether it does what it is supposed > to do. In other words, they didn't spend enough time to understand it. > In addition, return values are never checked (e.g., when > computing encryption keys), Prototype for that particular key setup function: extern void aes_set_key(aes_context *, const unsigned char [], const int, const int); It returns void type, so there isn't much return value to check. > which might lead to a key consisting of just zeros. No it doesn't. > However, the code is so sloppy that programs are > more likely to crash with null-pointer dereferences than to use > empty keys. What null-pointer dereferences? That code has been running on my boxes for more than 5 years, and during that time it has NEVER dereferenced null-pointer. That pointer math looks kinky, especially when runtime key scrubbing is enabled, but to my knowledge it is 100% correct. > Besides, they complain that by default passwords are > not salted and password hash iterations are not used. Loop-AES has supported salted+iterated passphrase hashing for many years. For long time, the recommended way has been to use gpg encrypted key files. gpg does salted+iterated passphrase hashing as a countermeasure against optimized dictionary attacks. Maybe they just didn't bother to read the README file? > The part about code quality sounds scary. Opinions? Difficult to understand? Maybe. Bad quality? Definitely no. > Concerning salting and iterations, for my root partition, I just > have to uncomment to lines in build-initrd.sh, right? > Concerning Example 2 in the loop-aes README (partition backed > loop with gpg encrypted keys), I get salting and iterations with > the gpg patch provided with loop-aes, right? Please leave those PSEED= and ITERCOUNTK= commented out in build-initrd.sh script. They had some use many years ago, and they are still there for sake of compatibility. There might still be someone using them. gpg does passphrase salting + iterations for you. Even unpatched gpg does that. The gpg patch makes gpg do 128 times more iterations that normally while still being compatible with RFC2440 spec. You do NOT want to do salting+iterations again in losetup/mount for second time, because actual loop encryption keys that gpg decrypts for you are high quality random keys that originally came from /dev/random. -- Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Sep 15 13:46:32 2006 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1GOC9H-0001BV-AM; Fri, 15 Sep 2006 13:46:23 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Fri, 15 Sep 2006 13:45:58 +0200 (CEST) Received: from pcwi4002.uni-muenster.de ([128.176.159.107]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1GOC8U-00019M-R7 for linux-crypto@nl.linux.org; Fri, 15 Sep 2006 13:45:34 +0200 Received: by pcwi4002.uni-muenster.de (Postfix, from userid 1000) id C11E744FD2; Fri, 15 Sep 2006 13:45:29 +0200 (CEST) From: Jens Lechtenboerger To: Jari Ruusu Cc: linux-crypto@nl.linux.org Subject: Re: Disk encryption best practices? References: <8764fp4jb1.fsf@pcwi4002.uni-muenster.de> <450A811F.11CEFF9C@users.sourceforge.net> Date: Fri, 15 Sep 2006 13:45:29 +0200 In-Reply-To: <450A811F.11CEFF9C@users.sourceforge.net> (Jari Ruusu's message of "Fri, 15 Sep 2006 13:31:59 +0300") Message-ID: <87wt85pd46.fsf@pcwi4002.uni-muenster.de> User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/21.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Received-SPF: X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-Spam-Status: No, score=-1.3 required=5.0 tests=AWL,BAYES_00 autolearn=no version=3.0.1 X-Spam-Level: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: lechten@wi.uni-muenster.de Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Jari Ruusu wrote: > [...] > I tried to look for that Linux-Magazin article, but I didn't find it > on-line. Do you have a URL for it? I'm afraid it's not available online. Many thanks for your answers. Jens - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Sep 16 13:59:56 2006 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1GOYpp-0005vO-VL; Sat, 16 Sep 2006 13:59:50 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Sat, 16 Sep 2006 13:59:09 +0200 (CEST) Received: from ns2.g-housing.de ([81.169.133.75] helo=mail.g-house.de) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1GOYos-0005tB-Iq for linux-crypto@nl.linux.org; Sat, 16 Sep 2006 13:58:50 +0200 Received: from [82.41.152.154] (helo=82-41-152-154.cable.ubr01.linl.blueyonder.co.uk) by mail.g-house.de with esmtpsa (TLS-1.0:DHE_RSA_AES_256_CBC_SHA:32) (Exim 4.50) id 1GOYFg-0008Ho-UX for linux-crypto@nl.linux.org; Sat, 16 Sep 2006 13:22:29 +0200 Date: Sat, 16 Sep 2006 12:22:23 +0100 (BST) From: Christian Kujau X-X-Sender: evil@sheep.housecafe.de To: linux-crypto@nl.linux.org Subject: Re: firefox is up/downloading something unauthorized-- logfiles non-proxy-use In-Reply-To: Message-ID: References: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Received-SPF: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: evil@g-house.de Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto On Thu, 14 Sep 2006, reverend@Safe-mail.net wrote: > When fighting with shitty-xine, suddenly and without any question, firefox fetched or > transfered something to or from the internet and a short message said something from > "upgrading". if firefox does something (upgrading) what it's not supposed to do (you disabled auto-update, right? not sure if you have to restart ffox after the change), file a bug @firefox bugzilla. > After searching and deleting that second user-agent-string with hexedit, that rat-hole > was filled; this still maybe the case today. well, if you're curious about it: try it out ;-) > Ideas of making a logfile for, at least, all that is send via what-ever-protocol towards > the internet ???? Either strace(1) the mozilla process or tcpdump(8) the network traffic. > Even debian is not free of shitware...... that's why we're all invited to make it better. Christian. -- BOFH excuse #63: not properly grounded, please bury computer - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sun Sep 17 16:23:34 2006 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1GOxYL-0006Ds-Ud; Sun, 17 Sep 2006 16:23:25 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Sun, 17 Sep 2006 16:22:45 +0200 (CEST) Received: from mail-in-06.arcor-online.net ([151.189.21.46] helo=mail-in-01.arcor-online.net) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1GOxXQ-0006CM-Bl for linux-crypto@nl.linux.org; Sun, 17 Sep 2006 16:22:28 +0200 Received: from mail-in-05-z2.arcor-online.net (mail-in-05-z2.arcor-online.net [151.189.8.17]) by mail-in-01.arcor-online.net (Postfix) with ESMTP id 0FB821B74CC for ; Sun, 17 Sep 2006 11:39:35 +0200 (CEST) Received: from mail-in-04.arcor-online.net (mail-in-04.arcor-online.net [151.189.21.44]) by mail-in-05-z2.arcor-online.net (Postfix) with ESMTP id CCE521B1EEA for ; Sun, 17 Sep 2006 11:39:34 +0200 (CEST) Received: from mteege.de (dslb-088-072-202-167.pools.arcor-ip.net [88.72.202.167]) by mail-in-04.arcor-online.net (Postfix) with SMTP id ADE531881E2 for ; Sun, 17 Sep 2006 11:39:34 +0200 (CEST) Received: (qmail 4964 invoked from network); 17 Sep 2006 09:39:34 -0000 Received: from scl-22.mteege.de (HELO ice.mteege.de) (10.8.0.22) by 0 with SMTP; 17 Sep 2006 09:39:34 -0000 Message-ID: <7c5d40006308fab53faec51bd3bc71ad@mteege.de> To: linux-crypto@nl.linux.org Subject: boot from LVM2 device on loop-aes Date: Sun, 17 Sep 2006 11:39:34 +0100 From: Matthias Teege Reply-To: matthias-lcr@mteege.de MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Received-SPF: X-Spam-Level: X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-Spam-Status: No, score=-1.1 required=5.0 tests=BAYES_40 autolearn=no version=3.0.1 X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: matthias-lcr@mteege.de Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Moin, I've created some LVM2 volumes on a loop-aes device which works great. I put mkdir /stick mount -r -t vfat /dev/sdb4 /stick losetup -e AES256 -K /stick/key.gpg /dev/loop0 /dev/sda3 in my initrd.scripts before the vgscan/vgchange commands but the losetup in busybox doesn't understand all commandline switches. Is it possible to boot from an LVM2 volume on top of loopaes? How do I setup it correct? Many thanks Matthias - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sun Sep 17 17:57:07 2006 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1GOz0u-0001zu-7c; Sun, 17 Sep 2006 17:57:00 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Sun, 17 Sep 2006 17:56:37 +0200 (CEST) Received: from mail.tnnet.fi ([217.112.240.26]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1GOz08-0001y7-Qn for linux-crypto@nl.linux.org; Sun, 17 Sep 2006 17:56:12 +0200 Received: from localhost (localhost [127.0.0.1]) by mail.tnnet.fi (Postfix) with ESMTP id 3D156372BEF; Sun, 17 Sep 2006 18:56:01 +0300 (EEST) X-Virus-Scanned: amavisd-new at tnnet.fi Received: from mail.tnnet.fi ([127.0.0.1]) by localhost (mail.tnnet.fi [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p25jzcNwKaZg; Sun, 17 Sep 2006 18:55:55 +0300 (EEST) Received: from a64.adsl.tnnet.fi (a64.adsl.tnnet.fi [217.112.242.64]) by mail.tnnet.fi (Postfix) with ESMTP id 9319E370D2F; Sun, 17 Sep 2006 18:55:55 +0300 (EEST) Message-ID: <450D700A.1DE33B1B@users.sourceforge.net> Date: Sun, 17 Sep 2006 18:55:54 +0300 From: Jari Ruusu To: matthias-lcr@mteege.de Cc: linux-crypto@nl.linux.org Subject: Re: boot from LVM2 device on loop-aes References: <7c5d40006308fab53faec51bd3bc71ad@mteege.de> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Received-SPF: X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00 autolearn=no version=3.0.1 X-Spam-Level: X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jariruusu@users.sourceforge.net Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Matthias Teege wrote: > I've created some LVM2 volumes on a loop-aes device which works > great. I put > > mkdir /stick > mount -r -t vfat /dev/sdb4 /stick > losetup -e AES256 -K /stick/key.gpg /dev/loop0 /dev/sda3 > > in my initrd.scripts before the vgscan/vgchange commands but the > losetup in busybox doesn't understand all commandline switches. > > Is it possible to boot from an LVM2 volume on top of loopaes? How > do I setup it correct? You need to use loop-AES version of losetup in your initrd. Try copying a statically linked version of losetup to your USB-stick. mkdir /stick mount -r -t vfat /dev/sdb4 /stick /stick/losetup -e AES256 -K /stick/key.gpg -G / /dev/loop0 /dev/sda3 ^^^^^^^ ^^^^ To compile statically linked version of losetup, add this to util-linux configure comand: CFLAGS=-O2 LDFLAGS="-s -static" ./configure ^^^^^^^^^^^^^^^^^^^^ -- Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Mon Sep 18 22:22:32 2006 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1GPPdK-0007y5-SV; Mon, 18 Sep 2006 22:22:26 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Mon, 18 Sep 2006 22:21:44 +0200 (CEST) Received: from mail.tnnet.fi ([217.112.240.26]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1GPPaE-0007n8-CL for linux-crypto@nl.linux.org; Mon, 18 Sep 2006 22:19:14 +0200 Received: from localhost (localhost [127.0.0.1]) by mail.tnnet.fi (Postfix) with ESMTP id B8D93412D12; Mon, 18 Sep 2006 23:18:58 +0300 (EEST) X-Virus-Scanned: amavisd-new at tnnet.fi Received: from mail.tnnet.fi ([127.0.0.1]) by localhost (mail.tnnet.fi [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id q5PP3UCt81-n; Mon, 18 Sep 2006 23:18:53 +0300 (EEST) Received: from a64.adsl.tnnet.fi (a64.adsl.tnnet.fi [217.112.242.64]) by mail.tnnet.fi (Postfix) with ESMTP id 324C63E9AC0; Mon, 18 Sep 2006 23:18:53 +0300 (EEST) Message-ID: <450EFF2B.9006EF1F@users.sourceforge.net> Date: Mon, 18 Sep 2006 23:18:51 +0300 From: Jari Ruusu To: matthias-lcr@mteege.de Cc: linux-crypto@nl.linux.org Subject: Re: boot from LVM2 device on loop-aes References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Received-SPF: X-Spam-Level: X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00 autolearn=no version=3.0.1 X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jariruusu@users.sourceforge.net Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Matthias Teege wrote: > > mkdir /stick > > mount -r -t vfat /dev/sdb4 /stick > > /stick/losetup -e AES256 -K /stick/key.gpg -G / /dev/loop0 /dev/sda3 > > I've put the static losetup on the stick and '/stick/losetup -a' > after the lines above. Losetup ask for the password but I've got > no output from losetup -a after giving the password. There are no > error messages. Do I need something else? Statically linked gpg program must be in /bin/ or /usr/bin/ or /usr/local/bin/ losetup uses gpg to decrypt the key file. -- Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Thu Sep 21 21:06:34 2006 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1GQTsF-0006gh-82; Thu, 21 Sep 2006 21:06:15 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Thu, 21 Sep 2006 21:05:31 +0200 (CEST) Received: from mail.tnnet.fi ([217.112.240.26]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1GQTqZ-0004eB-1Q for linux-crypto@nl.linux.org; Thu, 21 Sep 2006 21:04:31 +0200 Received: from localhost (localhost [127.0.0.1]) by mail.tnnet.fi (Postfix) with ESMTP id 6060D413062; Thu, 21 Sep 2006 22:04:16 +0300 (EEST) X-Virus-Scanned: amavisd-new at tnnet.fi Received: from mail.tnnet.fi ([127.0.0.1]) by localhost (mail.tnnet.fi [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u-VN7S1ileX1; Thu, 21 Sep 2006 22:04:10 +0300 (EEST) Received: from a64.adsl.tnnet.fi (a64.adsl.tnnet.fi [217.112.242.64]) by mail.tnnet.fi (Postfix) with ESMTP id 874CB41305B; Thu, 21 Sep 2006 22:04:10 +0300 (EEST) Message-ID: <4512E229.ECC6F58E@users.sourceforge.net> Date: Thu, 21 Sep 2006 22:04:09 +0300 From: Jari Ruusu To: Jens Lechtenboerger Cc: linux-crypto@nl.linux.org, Christian Ney , Peter Gutmann Subject: Re: Disk encryption best practices? References: <8764fp4jb1.fsf@pcwi4002.uni-muenster.de> <450A811F.11CEFF9C@users.sourceforge.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Received-SPF: X-Spam-Status: No, score=-1.2 required=5.0 tests=AWL,BAYES_50 autolearn=no version=3.0.1 X-Spam-Level: X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jariruusu@users.sourceforge.net Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Jari Ruusu wrote: > Jens Lechtenboerger wrote: > > 3. The German Linux-Magazin 10/06 (http://www.linux-magazin.de) > > features an article by Peter Gutmann and Christian Ney, where > > they analyze different types of crypto filesystems. They > > recommend Truecrypt, dm-crypt is second, and they essentially > > warn against loop-aes: > > I tried to look for that Linux-Magazin article, but I didn't find it > on-line. Do you have a URL for it? Christian Ney was kind enough to send me english language draft of the article. It might not be exactly what was printed, but at least I have something to quote and respond to. Quote from the article: | Loop AES is available as a series of Linux kernel patches One patch for 2.6 kernels, one patch for 2.4 kernels, or alternatively, outside of kernel tree buildable kernel module that builds for all recent 2.6, 2.4, 2.2, and 2.0 kernels. Module version doesn't need any kernel patching. | the behaviour of the encryption can change radically depending on which | compile or runtime configuration options are chosen Compile time configuration options do not change on-disk format. Having optimized assembler implementations available for popular processors (x86 and amd64) and instruction set extensions (VIA padlock) are good things to have. Runtime configuration options are needed for compatibility with old on-disk formats. Killing compatibility with old on-disk formats is not responsible thing to do. | the code makes it quite difficult to pin down exactly what's going on, or | whether it's actually doing what it's supposed to be doing. The code is difficult to read, I agree. Short version of what it does, is here: http://mail.nl.linux.org/linux-crypto/2006-05/msg00049.html | LoopAES uses an unsalted hash of the password, applying a single iteration | of a hash function like SHA-256 or SHA-512 to obtain the disk key [snip] | makes it trivially vulnerable to a precomputed dictionary attack That obsolete code path is there for backward compatibility only. All examples in the README file and losetup man page use version 3 multi-key mode, and none of above applies to those examples. For many years, the recommended way has been to use gpg encrypted key files. gpg uses salted+iterated key setup, so precomputed dictionary attacks won't work. | Data is encrypted with AES in CBC mode <<>>, | with a confusing array of IV-processing options using either the raw | sector number or an MD5 hash as the IV. Raw sector number IV is there for backward compatibility only. | no function return codes are ever checked, so if anything goes wrong the | code continues with all-zero keys or unencrypted data. aes_set_key(), aes_encrypt(), and aes_decrypt() functions return void type. To check return value of void returning function would be a bug that compiler would refuse to compile. Those functions never return any error because they do not have any error situations that can make them return failed status. If above mentioned functions, or other kernel called driver hooks, are passed invalid pointers, then pointer dereferencing will cause kernel mode exception, and the process will cease executing with kernel "Oops", and the function never returns. As for RAM pre-allocations that are done at loop device set up time, all pointers are checked at least once at allocation time, but not thereafter. This claim of "continues with all-zero keys or unencrypted data" is completely bogus. My conclusion of this article's loop-AES section is that the technical review was done in hurry, and for some unknown reason seems to focus on bits that were obsoleted years ago. Maybe the reason of such mistake is because the source code does not have explicit comments about which sections of code are for handling obsolete compatibility bits. -- Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Sep 22 01:48:01 2006 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1GQYGo-00010t-HU; Fri, 22 Sep 2006 01:47:54 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Fri, 22 Sep 2006 01:47:29 +0200 (CEST) Received: from csmail2.brookes.ac.uk ([161.73.1.22] helo=smtp.brookes.ac.uk) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1GQYG3-0000qT-UE for linux-crypto@nl.linux.org; Fri, 22 Sep 2006 01:47:07 +0200 Received: from p0054498 by smtp.brookes.ac.uk with local (Exim 4.52) id 1GQYEH-000076-Dz for linux-crypto@nl.linux.org; Fri, 22 Sep 2006 00:45:17 +0100 From: p0054498@brookes.ac.uk To: linux-crypto@nl.linux.org Subject: =?utf-8?Q?Auto=3A_{Spam=3F_10}_{Virus=3F}_Returned_mail=3A_see_transcri?= =?utf-8?Q?pt_for_details?= In-Reply-To: <200609212344.k8LNi9ZQ023425@brookes.ac.uk> Auto-Submitted: auto-replied MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: Date: Fri, 22 Sep 2006 00:45:17 +0100 Received-SPF: X-Spam-Level: * X-Spam-Status: No, score=1.2 required=5.0 tests=BAYES_50,NO_REAL_NAME, RCVD_IN_BL_SPAMCOP_NET autolearn=no version=3.0.1 X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: p0054498@brookes.ac.uk Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto This is an automated reply from Jeya Henry; I am away until mid Sept and = will not be able to reply to you immediately.I will get back to you as so= on as I return.Journal authors please be pateint. =0D =00 - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Mon Sep 25 08:33:03 2006 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1GRk1T-0003V2-P8; Mon, 25 Sep 2006 08:32:59 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Mon, 25 Sep 2006 08:32:16 +0200 (CEST) Received: from web2.dportal.hu ([195.70.37.4]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1GRk0V-0003Qd-9X for linux-crypto@nl.linux.org; Mon, 25 Sep 2006 08:32:02 +0200 From: Postmaster@toyota.hu To: linux-crypto@nl.linux.org Subject: DELIVERY FAILURE: User _EMPTY_ (_EMPTY_@dportal.hu) not listed in Domino Directory X-MIMETrack: Itemize by SMTP Server on Web2/dPortal(Release 6.5.4FP2|September 12, 2005) at 2006.09.25 08:30:06, Serialize by Router on Web2/dPortal(Release 6.5.4FP2|September 12, 2005) at 2006.09.25 08:31:20, Serialize complete at 2006.09.25 08:31:20 Date: Mon, 25 Sep 2006 08:30:06 +0200 Message-ID: MIME-Version: 1.0 Content-Type: multipart/report; report-type=delivery-status; boundary="==IFJRGLKFGIR1389582UHRUHIHD" Received-SPF: X-Spam-Status: No, score=4.8 required=5.0 tests=BAYES_95,NO_REAL_NAME autolearn=no version=3.0.1 X-Spam-Level: **** X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: Postmaster@toyota.hu Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto --==IFJRGLKFGIR1389582UHRUHIHD Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: base64 WW91ciBtZXNzYWdlDQoNCiAgU3ViamVjdDogUmV0dXJuZWQgbWFpbDogRGF0YSBmb3JtYXQgZXJy b3INCg0Kd2FzIG5vdCBkZWxpdmVyZWQgdG86DQoNCiAgX0VNUFRZX0B0b3lvdGEuaHUNCg0KYmVj YXVzZToNCg0KICBVc2VyIF9FTVBUWV8gKF9FTVBUWV9AZHBvcnRhbC5odSkgbm90IGxpc3RlZCBp biBEb21pbm8gRGlyZWN0b3J5DQoNCg== --==IFJRGLKFGIR1389582UHRUHIHD Content-Type: message/delivery-status Reporting-MTA: dns;web2.dportal.hu Final-Recipient: rfc822;_EMPTY_@toyota.hu Action: failed Status: 5.1.1 Diagnostic-Code: X-Notes; User _EMPTY_ (_EMPTY_@dportal.hu) not listed in Domino Directory --==IFJRGLKFGIR1389582UHRUHIHD Content-Type: message/rfc822 Received: from nl.linux.org ([80.99.117.15]) by web2.dportal.hu (Lotus Domino Release 6.5.4FP2) with ESMTP id 2006092508293404-32783 ; Mon, 25 Sep 2006 08:29:34 +0200 From: linux-crypto@nl.linux.org To: km5@toyota.hu Subject: Returned mail: Data format error X-MIMETrack: Itemize by SMTP Server on Web2/dPortal(Release 6.5.4FP2|September 12, 2005) at 2006.09.25 08:30:06, Serialize by Router on Web2/dPortal(Release 6.5.4FP2|September 12, 2005) at 2006.09.25 08:31:20, Serialize complete at 2006.09.25 08:31:20 Date: Mon, 25 Sep 2006 08:30:06 +0200 Message-ID: Content-Type: text/plain Your mail 80.99.117.15:1104->195.70.37.4:25 contains contaminated file _Fromlinux_crypto_nl.linux.org__Datelinux_crypto_nl.linux.org__SubjReturned_mail:_Data_format_error_/_message.zip_/message.txt_________________________________________________________________________________________________________________________________ with virus Email-Worm.Win32.Mydoom.m,so it is dropped. --==IFJRGLKFGIR1389582UHRUHIHD-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/