DES and IDEA in the kernel _very_ broken! (was: DES code in the kernel)

Ian Goldberg (iang@cs.berkeley.edu)
17 Jul 1996 12:37:42 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Dr. Werner Fink: "Re: 3c59x driver 0.25 falls off network"
Previous message: David L. Dight: "Re: Not a bible thumper. . ."
Next in thread: Ervin D. Walter: "joysticks..."
Reply: Ervin D. Walter: "joysticks..."

-----BEGIN PGP SIGNED MESSAGE-----

In article <Pine.LNX.3.93.960715113812.8471A-100000@paranoid.cdrom.com>,
Kernel Mailing List <kernel@paranoid.cdrom.com> wrote:
>
>
>I recently desired to set up an encrypted file system in a file via the
>loop device. I downloaded the package des.1.tar.gz and followed the
>instructions for installing it in my 2.0.0 kernel including touching the
>files mentioned (des.c and des.h) problem is it doesn't compilein, I took
>a look back at des.c and saw that it did not have a des.o file after
>building so I added des.o to the list of object files to link into
>kernel.o in the kernel dirctories Makefile. This time remaking the kernel
>generated a .o file in that directory however attempting to execute
>something like:
>
>losetup -e des /dev/loop0 test
>on a 1 meg file called test full of nulls gives:
>Password:
>Init (up to 16 hex digits):
>ioctl: LOOP_SET_STATUS: Invalid argument
>#
>
>i enter the password and initialization digits but no banana. The same
>procedure without -e des works (of course the file system is not block
>ciphered like I'd like it)
>
>
>

The DES and IDEA code available now is very, very broken. The DES code
in the kernel ignores your key and always uses a key of all 0 bits
(which is a weak key in DES, to boot). It also uses the weak PCBC
mode. The IDEA code uses ECB mode (which gives away patterns in the file),
and the code in mount that creates the password only uses the _first byte_
of your entered password.

I've made fixes to DES and IDEA so that they use CBC mode, with IV based on
the block number. I've also fixed mount so that it uses SHA1 to create
the actual encryption keys from your pass phrase. This morning, I got
steganography working (hide a filesystem in the low bits of an audio file).
However, I'm still getting very odd problems when I try to layer an
encrypted filesystem over a stego filesystem (hide an encrypted filesystem
in the low bits of an audio file). I'll keep looking at that.

It's _very_ important that this gets fixed in the kernel soon. People who
are using the current DES code and think they're getting security are just
wrong.

- Ian

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMe1A0kZRiTErSPb1AQH+egP+NZ/mh69algBr3lg2n2dM+umcEVdY1irE
cdS2O8kZcuNbqFPVmuVnHmFO1C+Oqmf/j9jUrWjbQMsFR1lRZZhtvBDS5mkfPX4O
YSVwv0HkbHxBz4qn+r1PWmjkqYoajuoPaqdbE2V/svhzTWEIMBh3WVxVKUjhO1u/
7yWka6SpMTQ=
=DXlD
-----END PGP SIGNATURE-----

Next message: Dr. Werner Fink: "Re: 3c59x driver 0.25 falls off network"
Previous message: David L. Dight: "Re: Not a bible thumper. . ."
Next in thread: Ervin D. Walter: "joysticks..."
Reply: Ervin D. Walter: "joysticks..."