Re: partially encrypted filesystem
From: David Wagner
Date: Fri Dec 05 2003 - 19:03:42 EST
Jörn Engel wrote:
>On Thu, 4 December 2003 19:18:26 +0000, David Wagner wrote:
>> What? No. Modern cryptosystems are designed to be secure against
>> known plaintext attacks. Making your system more convoluted merely to
>> avoid providing known plaintext is a lousy design approach: the extra
>> complexity usually adds more risk than it removes.
>All cryptosystems are designed around the hope that noone figures out
>how to break them. Many smart people trying and failing to do so
>gives a good general feeling, but nothing more. It remains hope.
What's your point? Nothing you are saying contradicts my conclusion.
I'll repeat my point: adding extra complexity adds more risk than it
takes away. Sure, maybe you reduce the risk of a cryptographic failure
a teeny little bit by avoiding known plaintext, but doing so generally
makes the system more convoluted and hard to understand and maintain,
and *that* generally increases the risk of a security failure more than
enough to counterbalance any gains.
Basic principle: All else being equal, it's generally a good idea to
put more effort into defending against the more likely failure modes,
and less effort into less likely failures.
What are the chances that AES gets broken in the next 10 years?
Pretty small, I believe. What are the chances that there is a bug
in the encrypting filesystem software that is discovered at some point
in the next 10 years? Considerably higher. So, focus on the software.
Complexity is your enemy.
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/