
Re: safety of encrypted filesystems



On Fri, 17 Jun 2005 17:15:32 +1000
Alexander Zangerl <az@bond.edu.au> wrote:

> no, this is subtly wrong. the *encrypted* block affects the decryption
> of the block following it, not the cleartext block.

That's a possible, but insecure way to do that.
This way, an attacker can try to decrypt any block x by using the
encrypted block x-1 and guessing the passphrase.
When knowing the structure of the filesystem, he will have a chance to
find the passphrase in a reasonable time.
When an attacker HAS TO decrypt the first block of a filesystem, AND
this filesystem starts with a challenge (random data) in the first block
and the real filesystem begins at the second block, there is no way to
guess the passphrase, because the attacker cannot check if the first
block was decrypted correctly.

If I had to build an encrypted filesystem, I would use clusters of i.e.
8kb, starting with a challenge (256 bytes), followed by data (7.5 kb),
followed by error correction data (256 bytes).
On every write, the first 7 3/4 kb will be encrypted and then the
error-correction code will be calculated for that data and stored in the
last part of the cluster.
I think this will give good security with reasonable CPU-effort.


-- 
mit freundlichen Gruessen / with friendly regards
Michael Buchholz            Phone.: +49 231 4755513
Paschknappstr. 13           Mobil.: +49 171 3111861
44265 Dortmund, Germany     Fax...: +49 231 4755514
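
The chaining described in the quoted text, where the previous *encrypted* block feeds the decryption of the next one (as in CBC mode), shown as an added example that is not part of the original message. The block cipher is a stand-in Feistel construction built from SHA-256 so the sketch runs without extra libraries; the names, key, IV and sample data are assumptions constructed for illustration.

```python
import hashlib

BLOCK = 16  # bytes per cipher block

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    # Round function of a stand-in Feistel cipher (illustration only, not a vetted cipher).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def enc_block(key, block):
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def dec_block(key, block):
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def chain_encrypt(key, iv, plaintext):
    # Input length must be a multiple of BLOCK (no padding in this sketch).
    prev, out = iv, []
    for i in range(0, len(plaintext), BLOCK):
        prev = enc_block(key, _xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def chain_decrypt(key, iv, ciphertext):
    prev, out = iv, []
    for i in range(0, len(ciphertext), BLOCK):
        cur = ciphertext[i:i + BLOCK]
        out.append(_xor(dec_block(key, cur), prev))  # prev is ciphertext, not cleartext
        prev = cur
    return b"".join(out)

def damaged_blocks(key, iv, plaintext, flip_at):
    # Flip one ciphertext bit at byte offset flip_at; list the plaintext blocks that change.
    ct = bytearray(chain_encrypt(key, iv, plaintext))
    ct[flip_at] ^= 0x01
    pt = chain_decrypt(key, iv, bytes(ct))
    return [i // BLOCK for i in range(0, len(pt), BLOCK)
            if pt[i:i + BLOCK] != plaintext[i:i + BLOCK]]

KEY, IV = b"constructed demo key", bytes(BLOCK)   # constructed sample values
SAMPLE = bytes(range(4 * BLOCK))                  # four constructed plaintext blocks
```

`damaged_blocks(KEY, IV, SAMPLE, 20)` returns `[1, 2]`: a single damaged bit in ciphertext block 1 garbles that block and flips one bit in the block after it, while every later block still decrypts correctly.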


