
List:       linux-crypto
Subject:    Re: Vulnerability in encrypted loop device for Linux
From:       Jerome Etienne <jme () off ! net>
Date:       2001-12-19 14:02:55

On Wed, Dec 19, 2001 at 02:59:42PM +0100, Marc Mutz wrote:
> But to call this a vulnerability is a bit far-fetched, I think.

according to me, it is a vulnerability because the user expects security
from it and in my opinion, an attacker being able to successfully
modify the device is a hole in the security.
 
> As a workaround, users could use GnuPG (or PGP if you want) to create a 
> detached signature of the /dev/loop device after unmounting and to 
> check this signature before mounting. If I'm not mistaken you can even 
> leave the file lying around, since the MAC is then signed with your 
> secret PGP key anyway.

using PGP/GPG would be another way to authenticate the device, less 
self-contained but it will work.
-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
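
The sign-after-unmount, verify-before-mount workaround discussed in this message, as an added example that is not code from the thread or from either poster. The function names, the IMAGE.sig path convention, the SIGNER_FPR variable and the choice to sign the backing file rather than the /dev/loop node are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: the image is the loop
# device's backing file, the signature lives at IMAGE.sig, and SIGNER_FPR
# holds the full fingerprint of the one key allowed to seal the image.
: "${SIGNER_FPR:=REPLACE_WITH_YOUR_KEY_FINGERPRINT}"   # placeholder

# seal_image IMAGE: run after umount and losetup -d.
seal_image() {
    gpg --batch --yes --local-user "$SIGNER_FPR" \
        --detach-sign --output "$1.sig" "$1"
}

# verify_image IMAGE: run before losetup/mount. Succeeds only when the
# signature is good AND was made by SIGNER_FPR; a plain `gpg --verify`
# would also accept a signature from any other key in the keyring.
verify_image() {
    [ -f "$1.sig" ] || { echo "no signature for $1" >&2; return 2; }
    gpg --batch --status-fd 1 --verify "$1.sig" "$1" 2>/dev/null |
        awk -v want="$SIGNER_FPR" '
            $2 == "GOODSIG"                 { good = 1 }
            $2 == "VALIDSIG" && $NF == want { pinned = 1 }
            END { exit !(good && pinned) }'
}

# guarded_mount IMAGE MOUNTPOINT [mount options...]
guarded_mount() {
    img=$1; mnt=$2; shift 2
    verify_image "$img" || { echo "refusing to mount $img" >&2; return 1; }
    mount "$@" "$img" "$mnt"
}

# guarded_umount IMAGE MOUNTPOINT: re-seal only after a clean unmount.
guarded_umount() {
    umount "$2" && seal_image "$1"
}
```

The check shows that the image is one the key holder sealed, not that it is the most recent one, and it reads the whole image on every seal and verify.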
