[clug] Encrypted Filesystems and "Watermark Attack"
daniel at rimspace.net
Wed Aug 19 07:45:06 MDT 2009
steve jenkin <sjenkin at canb.auug.org.au> writes:
> A while back I came across this & some other comments on inherent
> weaknesses of encrypted filesystems.
> Does anyone know if these claims are now repudiated or answered in 'modern'
Alex covers half of the issue nicely. But, um, did you actually read the
wikipedia article you linked to, from which I quote:
This weakness affected many disk encryption programs, including older
versions of BestCrypt as well as the now-deprecated cryptoloop.
The problem can be relatively easily eliminated by making the IVs
unpredictable with, for example, ESSIV. Alternatively, one can use
modes of operation specifically meant for disk encryption (see disk
Unless you embarrass me by pointing out that you just changed that, that seems
to answer your question comprehensively: yes, it has been solved, through
ESSIV (as Alex points out), or through designed-to-purpose disk encryption
> I agree with a comment in the Ubuntu thread:
> "I can't imagine Redhat shipping something that wasn't right..."
They shipped cryptoloop.
Meanwhile, I think the real lesson to learn is that you should never use a
cryptosystem that wasn't designed by real, honest to god professionals,
subject to public scrutiny and well designed.
Unless, of course, you are like most of us and the actual cryptographic
strength of the disk encryption is so absolutely, totally meaningless that an
XOR with a CRC32 of the unsalted, unmodified password makes an equal amount of
real world difference.
(...and, yes, I do include myself in that bucket, thank you.)
✣ Daniel Pittman ✉ daniel at rimspace.net ☎ +61 401 155 707
♽ made with 100 percent post-consumer electrons
Looking for work? Love Perl? In Melbourne, Australia? We are hiring.
More information about the linux