On Wed, 2013-12-25 at 21:34 +0100, intrigeri wrote:
> Hi,
>
> Marco Calamari wrote (24 Dec 2013 11:42:36 GMT) :
> > After readint the descritpion of this attack (injection attack type
> > against LUKS-CBC volumes)
>
> > <http://www.jakoblell.com/blog/2013/12/22/practical-malleability-attack-against-cbc-encrypted-luks-partitions/>
>
> > I check that my persistent partition (built a lot of TAILS
> > version ago) is of CBC type.
>
> If an attacker gets write access to a Tails USB stick, they can as
> well corrupt the initramfs or some other part of the system, and from
> there have a persistent file be modified during next boot, without
> having to guess what block this file is stored at in the persistent
> volume. Seems easier than the attack against CBC, no?
>
> Or did I miss the threat model you had in mind?
Hi
no, absolutely, you're right; but CBC is under critics since a long
time,
so at least doing persistency without it should not need
an explicit danger, but only because it is not best of breed
and the alternative block cypher is already there and comes
for free....
> > Time to switch to XTS and/or warn user having CBC partition to
> > reformat?
>
> Note that cryptsetup 1.6 defaults to XTS. Once Tails is based on
> Wheezy, we might want to install this version, assuming a backport is
> not too painful to produce and maintain. Anyone volunteering to
> try this?
>
> Additionally, this would provide compatibility with the on-disk
> TrueCrypt format (which is not very useful until the rest of the
> udisks / GNOME Disks / Nautilus stack has this support, wishlist bug
> reported there a while ago, needs someone to write the code).
--
+---------------
http://www.winstonsmith.org ---------------+
| il Progetto Winston Smith: scolleghiamo il Grande Fratello |
| the Winston Smith Project: unplug the Big Brother |
| Marco A. Calamari marcoc@??? http://www.marcoc.it |
| DSS/DH: 8F3E 5BAE 906F B416 9242 1C10 8661 24A9 BFCE 822B |
+ PGP RSA: ED84 3839 6C4D 3FFE 389F 209E 3128 5698 ----------+