Re: [PATCH] Delete cryptoloop

From: Fruhwirth Clemens
Date: Sun Jul 25 2004 - 13:07:07 EST


On Sun, 2004-07-25 at 19:25, Jari Ruusu wrote:
> Fruhwirth Clemens wrote:
> > On Sun, 2004-07-25 at 13:42, Jari Ruusu wrote:
> > > Fruhwirth Clemens wrote:
> > There is no use in running your code. It does not decipher any block
> > without the proper key.
>
> So you never ran that. That explains a lot.

Probably just, that I like to save life time.

> > Where is the exploit?
>
> wget -O cryptoloop-exploit.tar.bz2 "http://marc.theaimsgroup.com/?l=linux-kernel&m=107719798631935&q=p3";

That's no exploit. Where is the exploit?
http://www.google.com/search?q=jargon%20exploit
When you're there, you can look up the term ``backdoor'' as well.

> > Further the link you provide in the posting above is broken (as you
> > already noticed). I tried at google cache, citeseer and the rest of
> > Saarinen's homepage. No success.
>
> In short: exploit encodes watermark patterns as sequences of identical
> ciphertexts.

Probably I'm missing the point, but at the moment this looks like a
chosen plain text attack. As you know for sure, this is trivial. For
instance, AES asserts to be secure against this kind of attack. (See the
author's definition of K-secure..).

> > > Can you name implementation that your "key-truncated" version is compatible
> > > with that existed _before_ your version appeared? To my knowledge, that
> > > key-truncated version is only compatible with itself, and there is no other
> > > version that does the same.
> >
> > Actually there is a version: util-linux 2.12 official. But
> > unfortunately, the official version truncates binary keys (at 0x00, 0x0a
> > values), that's what my patch is for. cryptsetup handles keys the same
> > way. So migration is easy, something which does not hold true for your
> > strange util-linux patches.
>
> Actually loop-AES' util-linux patch can be used in mainline util-linux-2.12
> compatible mode. Just specify passphrase hash type as unhashed2

The default mode of loop-AES isn't compatible with anything out there.

> But I was talking about your rmd160 compatibility with ancient mount versions
> that used 160 bits of hash output + 96 zero bits. Last time I looked at your
> compatibility code it used 128 bits of hash and 128 bits of zeroes.

I'm not aware of any ``ancient'' mount versions. util-linux 2.12 is not
designed to be compatible with anything. It's merely a low-level
interface, since the maintainer decided to omit hashing completely. My
patch enables the user to utilize external hash programs like hashalot.

The compatibility code you're referring to is probably my patch for
hashalot. As you know, this has nothing to do with util-linux. If you're
not happy with hashalot, write your own external hasher, you can do that
thanks to my patch.

--
Fruhwirth Clemens <clemens@xxxxxxxxxxxxx> http://clemens.endorphin.org

Attachment: signature.asc
Description: This is a digitally signed message part
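
Added example, not part of the message above and not util-linux code: a model of the binary-key truncation at 0x00 and 0x0a that the thread mentions, measuring how often a 32-byte binary key would be cut short. The reader model (stop at the first NUL or newline byte), the function names and the sample keys are assumptions constructed for illustration.

```python
import hashlib

# Byte values the thread names as cutting a binary key short.
TERMINATORS = (0x00, 0x0A)


def as_seen_by_text_reader(key: bytes) -> bytes:
    """Assumed model: a text-oriented reader stops at the first NUL or newline."""
    for i, b in enumerate(key):
        if b in TERMINATORS:
            return key[:i]
    return key


def sample_keys(count: int, size: int = 32):
    """Constructed, deterministic stand-ins for hash output used as key material."""
    for n in range(count):
        yield hashlib.sha256(b"constructed-sample-%d" % n).digest()[:size]


def expected_truncation_rate(size: int = 32) -> float:
    """Chance that a uniformly random key of `size` bytes holds a terminator byte."""
    return 1 - ((256 - len(TERMINATORS)) / 256) ** size


def truncation_report(count: int = 2000, size: int = 32):
    """Return (observed truncation rate, shortest surviving key length in bytes)."""
    truncated = 0
    shortest = size
    for key in sample_keys(count, size):
        seen = as_seen_by_text_reader(key)
        if len(seen) < size:
            truncated += 1
            shortest = min(shortest, len(seen))
    return truncated / count, shortest


if __name__ == "__main__":
    observed, shortest = truncation_report()
    print(f"expected rate for 32-byte keys: {expected_truncation_rate():.3f}")
    print(f"observed rate over samples:     {observed:.3f}")
    print(f"shortest surviving key:         {shortest} bytes")
```

Under this model a truncated key still mounts, but with fewer key bytes than the hash produced, and the shortfall is silent unless the key length is checked after reading.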