lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20141106125517.GA3719@thunk.org>
Date:	Thu, 6 Nov 2014 07:55:17 -0500
From:	Theodore Ts'o <tytso@....edu>
To:	Milan Broz <gmazyland@...il.com>
Cc:	Mikulas Patocka <mpatocka@...hat.com>, linux-ext4@...r.kernel.org,
	dm-devel@...hat.com
Subject: Re: [dm-devel] Some thoughts about providing data block checksumming
 for ext4

On Wed, Nov 05, 2014 at 10:37:09PM +0100, Milan Broz wrote:
> 
> Also, for encrypted devices (either on file level or block level) I think 
> there are still requests for implementing real crypto authenticated modes (like GCM)
> which obviously need similar space for auth tag. (I think ZFS uses it this way.) 

Yes, although it depends on your threat model.  If you need to worry
about known or chosen plaintext attack modes --- for example, if you
were implementing the chrome browser where the attacker might be able
to play MITM and replace web pages which would then get encrypted in
the browser cache, and where the attacker can continuously read and/or
replace blocks (say, because of some really stupid design where you
are using an unprotected iSCSI connection).  Or if you assume the
attacker can remove the hard drive, twiddle some blocks, and then
surreptitiously replace the hard drive many times, then yes, you need
to worry about data integrity because a system that doesn't include a
MAC --- such as what dm-crypt provides, is simply not enough.

Basically, a dm-crypt style block device encryption is only good if
your threat model is "the attacker steals the laptop and I want to
keep the contents of the storage device safe".

Michael Halcrow discussed this in this years Linux Security Symposium:

	http://kernsec.org/files/lss2014/Halcrow_EXT4_Encryption.pdf

Cheers,

						- Ted
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ