| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 26 Mar 2016 08:47:48 -0500
From: Eric Biggers <ebiggers3@...il.com>
To: Jaegeuk Kim <jaegeuk@...nel.org>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Linux FS Dev Mailing List <linux-fsdevel@...r.kernel.org>,
Linux F2FS Dev Mailing List
<linux-f2fs-devel@...ts.sourceforge.net>
Subject: Re: [GIT PULL] f2fs updates for v4.6
It seems strange to me --- a "renaming" commit made IVs start getting reused,
weakening the encryption. Do you have an explanation for how this change got
introduced?
Another question about the choice of IV. If the page index in CPU order is
(supposed to be) used as the IV, doesn't make the on-disk format of the
filesystem endianness-dependent? I thought that's a big no-no.
On Sat, Mar 26, 2016 at 01:56:06AM -0700, Jaegeuk Kim wrote:
> On Sat, Mar 26, 2016 at 01:10:07AM -0500, Eric Biggers wrote:
> > Why was the XTS tweak initialization changed in commit 0b81d0779072 ("fs crypto:
> > move per-file encryption from f2fs tree to fs/crypto")?
> >
> > Old code:
> >
> > memcpy(xts_tweak, &index, sizeof(index));
> > memset(&xts_tweak[sizeof(index)], 0,
> > F2FS_XTS_TWEAK_SIZE - sizeof(index));
> >
> > New code:
> > memcpy(xts_tweak, &inode->i_ino, sizeof(index));
> > memset(&xts_tweak[sizeof(index)], 0,
> > FS_XTS_TWEAK_SIZE - sizeof(index));
> >
> > Now the XTS tweak is the same for all pages of each inode.
>
> Thank you for catching this.
> I've checked several times, but turns out I missed something tho. :(
> Let me write a patch to fix this.
>
> Thanks,
>
>
Powered by blists - more mailing lists