Re: safety of encrypted filesystems

To: debian-security@lists.debian.org
Subject: Re: safety of encrypted filesystems
From: Florian Weimer <fw@deneb.enyo.de>
Date: Fri, 17 Jun 2005 08:34:57 +0200
Message-id: <[🔎] 87hdfx1ofi.fsf@deneb.enyo.de>
In-reply-to: <[🔎] 20050617061508.GA19367@cirrus.madduck.net> (martin f. krafft's message of "Fri, 17 Jun 2005 08:15:08 +0200")
References: <[🔎] 20050617061508.GA19367@cirrus.madduck.net>

* martin f. krafft:

> Encrypted filesystems are hip these days, [...]

Are they?  I thought most of the fuzz was about encrypted block
devices.

> If such a bad block occurs and renders a small part of the encrypted
> file unreadable, wouldn't the entire partition and all its data be
> effectively destroyed?

A corrupt sector corrupts the remaining part of the block.  Block
sizes are much smaller than 1 GB because when part of a block is
changed, all the following bytes have to be rewritten (if a reasonable
the cipher mode is used).

By the way, the very fact that the block is not lost completely
indicates a major cryptographic weakness: there are no integrity
checks at all.  (The constant IV problem is another one.)  These
weaknesses don't matter in many scenarios, but it's still an
undesirable situation.

Reply to:

Follow-Ups:
- Re: safety of encrypted filesystems
  - From: martin f krafft <madduck@debian.org>

References:
- safety of encrypted filesystems
  - From: martin f krafft <madduck@debian.org>

Prev by Date: Re: Security Support by the Security-Team
Next by Date: Re: safety of encrypted filesystems
Previous by thread: safety of encrypted filesystems
Next by thread: Re: safety of encrypted filesystems
Index(es):
- Date
- Thread