[prev in list] [next in list] [prev in thread] [next in thread]
List: linux-crypto
Subject: Re: Vulnerability in encrypted loop device for Linux
From: Jerome Etienne <jme () off ! net>
Date: 2001-12-19 14:02:55
[Download RAW message or body]
On Wed, Dec 19, 2001 at 02:59:42PM +0100, Marc Mutz wrote:
> But to call this a vulnerability is a bit far-featched, I think.
according to me, it is a vulnerabilty because user expects security
from it and in my opinion, an attacker being able to successfully
modify the device is a hole in the security.
> As a workaround, users could use GnuPG (or PGP if you want) to create a
> detached signature of the /dev/loop device after unmounting and to
> check this signature before mounting. If I'm not mistaken you can even
> leave the file lying around, since the MAC is then signed with your
> secret PGP key anyway.
using PGP/GPG would be another way to authenticate the device, less
self-contained but it will works.
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic