Re: Cryptoloop patch for builtin default passphrase

[Nico Augustijn]

On Tue, Oct 26, 2004 at 08:17:53AM +0200, Jan Engelhardt wrote:
> >This here patch will make the kernel use a default passphrase (compiled
into
> >the kernel or cryptoloop.ko module) when you set up a cryptoloop device
with:
>
> Suppose I break in via ssh:
> I could load the module (if applicable), and find the address of the
> function or variable in System.map, extract the static passphrase, and
> well. Then?

Ahem.
The point you are making is rather moot. Because if you manage to get a
shell on the system, the data can readily be copied because the encrypted
filesystem is supposed to be mounted.
Unless I miss your point.

And once you are in the system there are easier ways to obtain the
passphrase than the one you described above. As I clearly stated earlier,
it is merely more difficult to obtain the encrypted data. It is _not_
impossible. It took me approximately 4 hours to break into the system
myself. I bet there's people around who can do it in less than 1 hour.

Some of you might then ask: "What's the point of it then anyway?"
Well, I am probably capable of creating a much better solution with almost
unbreakable encryption. My boss just won't allow me the time for this.
This patch took me about a day to write. It's the best I could come up
with in such a short time.


Nico Augustijn.

[remainder of message deleted]
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/