
Re: Keyfile Support for GRUBs LUKS

From: Glenn Washburn
Subject: Re: Keyfile Support for GRUBs LUKS
Date: Wed, 20 Nov 2013 01:02:44 -0600

On Wed, 20 Nov 2013 06:48:40 +0100
Vladimir 'φ-coder/phcoder' Serbinenko <address@hidden> wrote:

> On 20.11.2013 06:43, Glenn Washburn wrote:
> > Modifying the cipher text just
> > manifests as random data corruption of the plain text device, again
> > not a security issue and nothing that signatures would prevent.
> It's a security threat. Imagine you have somewhere a routine which
> verifies the SSH key when connecting by network. Replace it with random
> data. With some significant probability this decodes to valid opcodes
> but which do no check. Now everyone can use your SSH.
> Encryption provides secrecy. Signatures provide verification. Using
> one to achieve the other will always fail.

Let me see if I understand you.  Suppose an attacker can modify the LUKS
container's cipher text and happens to know the exact block which
contains the routine for verifying the ssh key.  The attacker then
writes some data to that block, which will then manifest as random
bytes once decrypted.

You're claiming that there's a more than insignificant probability that
this could cause the verification to not happen?  And thus for anyone
to be able to log into the system via ssh?  I hope you're not
suggesting that, because it would be ludicrously improbable (try
executing data from /dev/random and see how far you get). If you'd like
more of an analysis I can provide reasons why, but I think it's fairly
obvious. If I've misunderstood you (highly probable), could you explain
in more detail?

In the above scenario, signatures must cover those specific bytes in
order to verify that you're running the correct ssh key verification
code.  Then, to extrapolate, you need to have signatures for all code
and some data on your system.  While I would agree that signatures for
everything is ideal, all other things being equal, I don't think that's
what the OP had in mind.

Also, if this kind of threat were worth considering, why doesn't LUKS
address this?  It would seem fairly easy (add some HMACs in the blocks).
Did they just fail to address some huge security concern?
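The property both sides are arguing about (a disk cipher gives secrecy, but a modified ciphertext block silently decrypts to garbage) and the "add some HMACs in the blocks" remedy, as an added Go example that is not part of this thread. It uses AES-CBC from the Go standard library as a stand-in for the real disk cipher mode, with constructed keys and a constructed 64-byte sector:

```go
package main
import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// Constructed demo keys and a zero IV; unrelated to any real LUKS volume.
var (
	key    = []byte("0123456789abcdef0123456789abcdef") // AES-256 key
	macKey = []byte("separate-mac-key-for-demo-only!!") // independent HMAC key
	iv     = make([]byte, aes.BlockSize)
)

// cbc runs AES-CBC over a whole sector: a stand-in for the disk cipher that,
// like it, gives secrecy but no integrity check.
func cbc(in []byte, encrypt bool) []byte {
	block, _ := aes.NewCipher(key)
	out := make([]byte, len(in))
	if encrypt {
		cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, in)
	} else {
		cipher.NewCBCDecrypter(block, iv).CryptBlocks(out, in)
	}
	return out
}

// tag is the "HMAC in the block" idea: a keyed MAC over the ciphertext.
func tag(ct []byte) []byte {
	m := hmac.New(sha256.New, macKey)
	m.Write(ct)
	return m.Sum(nil)
}

// TamperDemo encrypts a constructed 64-byte sector, flips one ciphertext bit,
// then reports whether the plaintext survived and whether the HMAC noticed.
func TamperDemo() (plainIntact, tamperDetected bool) {
	plain := bytes.Repeat([]byte("verify-ssh-key!!"), 4)
	ct := cbc(plain, true)
	t := tag(ct)
	ct[20] ^= 0x01 // one bit in the second cipher block
	plainIntact = bytes.Equal(cbc(ct, false), plain)
	tamperDetected = !hmac.Equal(tag(ct), t)
	return
}
func main() { fmt.Println(TamperDemo()) }
```

Decryption alone returns corrupted data with no error, which is the silent-corruption case from the thread; only the MAC comparison turns the tamper into something detectable.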
