lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 21 Aug 2017 23:07:57 -0400 From: Theodore Ts'o <tytso@....edu> To: Anand Jain <anand.jain@...cle.com> Cc: Eric Biggers <ebiggers3@...il.com>, linux-fscrypt@...r.kernel.org, linux-doc@...r.kernel.org, linux-fsdevel@...r.kernel.org, linux-ext4@...r.kernel.org, Jaegeuk Kim <jaegeuk@...nel.org>, Richard Weinberger <richard@....at>, Michael Halcrow <mhalcrow@...gle.com>, Eric Biggers <ebiggers@...gle.com> Subject: Re: [PATCH] fscrypt: add a documentation file for filesystem-level encryption On Tue, Aug 22, 2017 at 10:22:13AM +0800, Anand Jain wrote: > > I think AE is the only good solution for this, File-name encryption at > this stage won't solve any kind of Evil Maid attack, (as it was quoted > somewhere else in ML). AE doesn't help at all against the Evil Maid attack, since the Evil Maid is trying get the user's keying material, and what kind of encryption you are using is pretty much irrelevant. The typical attack (where the user's keys are available to the host CPU) involves compromising the system software --- and system software is public (everyone can get a copy of the Android system image for a particular device), so encryption is pointless. That's why the system image is protected using dm-verity, which provides data integrity, but not confidentiality. The bootloader will protect against installing a new system image unless you have the private key of the handset manufacturer to sign said system image. But the Evil Maid can carry out a "chip off" attack, where flash chip is desoldered and the system image, and the dm-verity information can be written directly without the bootloader being able to prevent it. This is why using AE isn't going to help you. Sure, the Evil Maid could try to diddle directories and use complicated crypto attacks. But why bother when they can just simply steal the user's keys, at which point all the AE in the world doesn't help a whit. Cheers, - Ted
Powered by blists - more mailing lists