RE: DES and IDEA in the kernel _very_ broken! (was: DES code in the kernel)

Ray Van Tassle-CRV004 (Ray_Van_Tassle-CRV004@email.mot.com)
Thu, 18 Jul 1996 14:45:04 -0500


Why not use blowfish? AFAIK, IDEA requires a license (at least, in order to
be used legally).
And why not use OFB? Our Secure Comm group here (at Motorola) is switching
to OFB mode for our new products. And the APCO-25 standard specifies OFB.
I think I like your IV idea.

I was planning to look into blowfish after I'm done fixing the (still
existent) deadlock bug with the loop driver.

Regards,
Ray

________________________________________________________
To: linux-kernel@vger.rutgers.edu@INTERNET
From: iang@cs.berkeley.edu@INTERNET on Thu, Jul 18, 1996 1:38 PM
Subject: z-DES and IDEA in the kernel _very_ broken! (was: DES code in the
kernel)

Newsgroups: isaac.lists.linux-kernel
Organization: ISAAC Group, UC Berkeley

-----BEGIN PGP SIGNED MESSAGE-----

In article <Pine.LNX.3.93.960715113812.8471A-100000@paranoid.cdrom.com>,
Kernel Mailing List <kernel@paranoid.cdrom.com> wrote:
>
>
>I recently desired to set up an encrypted file system in a file via the
>loop device. I downloaded the package des.1.tar.gz and followed the
>instructions for installing it in my 2.0.0 kernel including touching the
>files mentioned (des.c and des.h) problem is it doesn't compile in, I took
>a look back at des.c and saw that it did not have a des.o file after
>building so I added des.o to the list of object files to link into
>kernel.o in the kernel directory's Makefile. This time remaking the kernel
>generated a .o file in that directory however attempting to execute
>something like:
>
>losetup -e des /dev/loop0 test
>on a 1 meg file called test full of nulls gives:
>Password:
>Init (up to 16 hex digits):
>ioctl: LOOP_SET_STATUS: Invalid argument
>#
>
>I enter the password and initialization digits but no banana. The same
>procedure without -e des works (of course the file system is not block
>ciphered like I'd like it)
>
>
>

The DES and IDEA code available now is very, very broken. The DES code
in the kernel ignores your key and always uses a key of all 0 bits
(which is a weak key in DES, to boot). It also uses the weak PCBC
mode. The IDEA code uses ECB mode (which gives away patterns in the file),
and the code in mount that creates the password only uses the _first byte_
of your entered password.

I've made fixes to DES and IDEA so that they use CBC mode, with IV based on
the block number. I've also fixed mount so that it uses SHA1 to create
the actual encryption keys from your pass phrase. This morning, I got
steganography working (hide a filesystem in the low bits of an audio file).
However, I'm still getting very odd problems when I try to layer an
encrypted filesystem over a stego filesystem (hide an encrypted filesystem
in the low bits of an audio file). I'll keep looking at that.

It's _very_ important that this gets fixed in the kernel soon. People who
are using the current DES code and think they're getting security are just
wrong.

- Ian

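
Added example (not part of either message, and not the kernel or mount code under discussion): a Python sketch of why ECB gives away patterns on a file full of nulls while CBC with an IV taken from the block number does not, with the key derived from the whole pass phrase via SHA-1. The 4-round Feistel `toy_encrypt` is a stand-in for DES/IDEA, and the IV encoding (block number as 8 big-endian bytes), the 512-byte sector size and all function names are assumptions.

```python
import hashlib

BLOCK = 8  # bytes; DES and IDEA both use 64-bit blocks

def derive_key(passphrase: bytes) -> bytes:
    return hashlib.sha1(passphrase).digest()  # hash the whole pass phrase

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))
def _f(key: bytes, rnd: int, half: bytes) -> bytes:  # Feistel round function
    return hashlib.sha1(key + bytes([rnd]) + half).digest()[:4]

def toy_encrypt(key: bytes, block: bytes) -> bytes:
    """4-round Feistel stand-in for DES/IDEA. Illustration only, not a real cipher."""
    l, r = block[:4], block[4:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def toy_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:4], block[4:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def _blocks(data: bytes):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    return b"".join(toy_encrypt(key, b) for b in _blocks(data))

def cbc_encrypt(key: bytes, sector_no: int, data: bytes) -> bytes:
    """CBC over one sector; the IV is the sector number (assumed encoding)."""
    prev, out = sector_no.to_bytes(BLOCK, "big"), []
    for b in _blocks(data):
        prev = toy_encrypt(key, _xor(prev, b))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key: bytes, sector_no: int, data: bytes) -> bytes:
    prev, out = sector_no.to_bytes(BLOCK, "big"), []
    for c in _blocks(data):
        out.append(_xor(toy_decrypt(key, c), prev))
        prev = c
    return b"".join(out)

def repeated_blocks(ct: bytes) -> int:
    """Duplicate ciphertext blocks. Two all-zero sectors: 127 under ECB, 0 under CBC."""
    return len(_blocks(ct)) - len(set(_blocks(ct)))
```

A raw sector number is the simplest reading of "IV based on the block number"; because such an IV is predictable, later disk-encryption designs derive it by encrypting or hashing the sector number (for example ESSIV in dm-crypt).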