Caveat emptor Re: loop.c: DES bugfixes

Olaf Titz (olaf@bigred.inka.de)
Sun, 19 Jul 1998 02:20:43 +0200


> I've updated the *-kernel and *-crypto patches to work with 2.1.108.
> I'll make these updates available from:
> ftp://mail1.bet1.puv.fi/incoming/
> I think the *-kernel patch could safely be merged with the mainstream
> kernel (this includes the XOR-encryption). The *-crypto patch contains
> serious cryptography such as IDEA and CAST, and probably suffers from
> those silly and annoying export restrictions. Note that the patches

This looks good, but has a major pitfall: there are documented options
to set the various modes (CBC, CFB etc.) but they are not implemented
at all, the device accepts them but always uses ECB. I found this
while paranoia-checking the ciphertext and saw large chunks of
repeating 8-byte sequences. As we all know, this gives the first step
towards mounting known-plaintext attacks.

So _please_ when publishing stuff like this, at least clearly mark the
unimplemented parts UNIMPLEMENTED in the man pages, everything else
gives a false sense of security. (The really correct solution would be
for the kernel to throw EINVAL somewhere when losetup'ing in CBC
mode.)

olaf

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.altern.org/andrebalsa/doc/lkml-faq.html
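The paranoia check described in the post, as an added example that is not code from Olaf's message or from the loop.c patches: a toy 8-byte Feistel permutation stands in for DES (an assumption; it is built on SHA-256 and is not a real cipher), ECB and CBC are layered on top of it, and a small detector flags ciphertext in which 8-byte blocks repeat. The key, IV and the sample disk-like plaintext (repeated header text followed by a zero-filled region) are constructed for the demonstration.

```python
"""Added example: detecting ECB mode by looking for repeated 8-byte
ciphertext blocks, using a toy block cipher (NOT DES, NOT secure)."""
import hashlib

BLOCK = 8  # DES-sized block; any 64-bit block cipher shows the same pattern


def _round_fn(subkey: bytes, half: bytes) -> bytes:
    # Toy round function: first 4 bytes of SHA-256(subkey || half).
    return hashlib.sha256(subkey + half).digest()[:4]


def _subkeys(key: bytes, rounds: int = 8):
    # Derive per-round subkeys from the key (assumption: stand-in key schedule).
    return [hashlib.sha256(key + bytes([i])).digest()[:16] for i in range(rounds)]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def block_encrypt(key: bytes, blk: bytes) -> bytes:
    """Toy 8-byte Feistel permutation standing in for DES."""
    assert len(blk) == BLOCK
    l, r = blk[:4], blk[4:]
    for sk in _subkeys(key):
        l, r = r, _xor(l, _round_fn(sk, r))
    return r + l  # output halves swapped so decryption reuses the same loop


def block_decrypt(key: bytes, blk: bytes) -> bytes:
    assert len(blk) == BLOCK
    l, r = blk[:4], blk[4:]
    for sk in reversed(_subkeys(key)):
        l, r = r, _xor(l, _round_fn(sk, r))
    return r + l


def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    """Each block encrypted independently: equal plaintext blocks give equal ciphertext."""
    assert len(data) % BLOCK == 0
    return b"".join(block_encrypt(key, data[i:i + BLOCK])
                    for i in range(0, len(data), BLOCK))


def cbc_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Each block XORed with the previous ciphertext block before encryption."""
    assert len(data) % BLOCK == 0 and len(iv) == BLOCK
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        prev = block_encrypt(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def repeated_blocks(ct: bytes, bs: int = BLOCK) -> dict:
    """Map every bs-byte block value that occurs more than once to its count."""
    counts = {}
    for i in range(0, len(ct) - len(ct) % bs, bs):
        b = ct[i:i + bs]
        counts[b] = counts.get(b, 0) + 1
    return {b: n for b, n in counts.items() if n > 1}


def looks_like_ecb(ct: bytes, bs: int = BLOCK) -> bool:
    """True when any bs-byte block repeats.  Under a chained mode the
    ciphertext blocks behave like random 64-bit values, so a repeat among a
    few thousand blocks is vanishingly unlikely (birthday bound near 2^32
    blocks); under ECB every repeated plaintext block repeats verbatim."""
    return bool(repeated_blocks(ct, bs))


# Constructed sample input: a short repeated header followed by a
# zero-filled region, the way a freshly formatted block device looks.
KEY = b"hypothetical-key"
IV = bytes(range(BLOCK))
PLAINTEXT = b"loop.c DES test " * 4 + bytes(448)  # 512 bytes, 64 blocks

if __name__ == "__main__":
    ecb = ecb_encrypt(KEY, PLAINTEXT)
    cbc = cbc_encrypt(KEY, IV, PLAINTEXT)
    print("ECB repeated block counts:", sorted(repeated_blocks(ecb).values()))
    print("ECB flagged:", looks_like_ecb(ecb))
    print("CBC flagged:", looks_like_ecb(cbc))
```

Run against a few kilobytes read back from the loop device, the detector gives exactly the symptom the post describes: a device that claims CBC but really runs ECB shows the zero-filled region as one 8-byte value repeated over and over, while a genuine CBC (or CFB) output shows no repeats at all. The same check works for any 64-bit block cipher the patches offer.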