[Pkg-cryptsetup-devel] Bug#371135: About Bug#371135: suggestion

Michael Gebetsroither gebi at sbox.tugraz.at
Sat Jun 17 13:03:22 UTC 2006 

Quoting Mika Bostrom <bostik at bostik.iki.fi>:

hi,

>   I claim that this is impossible. There is no way to be absolutely sure
> about non-destructiveness of the operation. I'll try to explain.

you shouldn't be too shure about this ;).

>   With changing keys there is absolutely no way to identify what is
> valid swap space area. I see two possible approaches that _might_ be
> _theoretically_ doable:

creativity ;)
i think there are a few more choices.

>   1. If crypttab defines an encrypted swap, use vol_id check for both
>      the created mapping AND the actual device.
>
>   2. Use Jari Ruusu's watermark attack and explicitly disallow ESSIV
>      encryption mode for swap.

3. deprecate the usage of plain cryptodevices for swap and use luks instead.
    we have to explicitly format on every reboot, but we would be able  
to check.
    This does not help against user failuers, where another luks partition is
    given as swap partition.

4. map the swap with an offset and write a magic cookie in the first sector(s)
    maybe also left sector(s) at the end of the device, because the  
first sector
    get's easily destroyed by a live-cd or hibernation.

5. if we force luks for swap we could use the UUID to check if it's really our
    device. beside this we should add a command to cryptsetup to actually set
    the UUID or to reinitialise the master key (i'm more comfortable with
    reinitialise the master key, suggestions?)

plain cryptsetup should imho be deprecated for swap.

>   The problem with case 2 is that I have no idea how difficult it
> would be to watermark swap space and still keep it completely usable.  I
> also do not even like the idea of using a cryptanalytic attack and
> intentionally weakening encryption for any protected area.

imho not a good idea ;)

>   So the two practical approaches that I see, are: allow users to hang
> themselves, or do not allow automatically used encrypted swap at all.

linux _HAS_ to do as the user said.

>   Sure, you could add yet another test for partition size and require
> that for encrypted swap the size of the swap is given. This doesn't
> sound too practical, and still does not provide absolute protection
> against human errors - I could have 4G swap and 4G encrypted /usr/local.
> In which case the issues of case 1 are present again. You can't use
> partition type either, as swap could be a file.

That would be another possibility. put the size (in blocks) in the configfile.

>   With all due respect, I do not see how you could possibly prevent the
> users from damaging their setups in all possible cases.

we shouldn't, if the user want to destroy it, so be it.

greets,
Michael Gebetsroither

More information about the Pkg-cryptsetup-devel mailing list