Re: [Tails-dev] CBC malleability attack

Delete this message

Reply to this message
Autore: intrigeri
Data:  
To: marcoc
CC: The Tails public development discussion list
Oggetto: Re: [Tails-dev] CBC malleability attack
Hi,

Marco Calamari wrote (26 Dec 2013 14:08:36 GMT) :
> no, absolutely, you're right;


Thanks for clarifying.

> but CBC is under critics since a long
> time,
> so at least doing persistency without it should not need
> an explicit danger, but only because it is not best of breed
> and the alternative block cypher is already there and comes
> for free....


I could agree in theory (I would need to have a closer look, though).

Let's clarify what the real-world details look like. AFAICT, udisks
FilesystemCreate method does not allow passing parameters to
cryptsetup, so what you call "for free" implies, in practice, one of:

A. Patch Wheezy's udisks to call cryptsetup with the right parameters,
and maintain this patch (if we're lucky, udisks won't be upgraded
ever during the lifetime of Wheezy, but who knows).

B. Ship cryptsetup 1.6

   1. build a backport of cryptsetup 1.6 for Wheezy
   2. make sure Wheezy's udisks etc. work well enough with cryptsetup
      1.6 to not break the persistent volume assistant
   3. maintain the backport of cryptsetup 1.6 for Wheezy until Tails
      is based on Jessie.


I'm very happy if someone volunteers to do one of these, but I would
definitely not say it comes "for free": it comes with an initial
development, testing and review cost, plus the corresponding
maintenance for 1-2 years.

Any taker? :)

Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc