halfgaar l33t
Joined: 22 Feb 2004 Posts: 781 Location: Netherlands
|
Posted: Mon Sep 11, 2006 11:55 pm Post subject: The cryptographic safety of encrypted partitions |
|
|
I've got a question about cryptographic security, specifically when dealing with partitions. Let's consider a newly created LUKS partition. After the creation, should you format it with a tool which completely zeroes out the entire partition (like Windows' full format does), you will have large repetitive sequences on your disk. If you analyse the encrypted data, and find a certain pattern very often, like 0x4a, then you know it's very likely that 0x00 encrypts to 0x4a. You then can far more easily determine the key used, right?
The example with a format tool which writes nothing but zeroes is extreme (mke2fs and reiser don't do it, for instance), but the example still stands. It's very likely partitions eventually have very repetitive data written to them, like a bittorrent client which allocates the data first (and doesn't use sparse files). As with the format, this will create a lot of sequential zeroes. You then have a good base for cryptanalysis.
Another example would be the partition header and/or first few kilobytes. There are only so many filesystems, so you know what to look for. The filesystem's magic number (if it has one) makes it even easier.
Are the algorithms designed to prevent detection of expected data? Or, is determining the key for known patterns (like the 0x00->0x4a example above) more difficult than I think?
Any thoughts would be welcome. |
visi n00b
Joined: 01 Sep 2006 Posts: 11
|
halfgaar l33t
Joined: 22 Feb 2004 Posts: 781 Location: Netherlands
|
Posted: Tue Sep 12, 2006 10:05 am Post subject: |
|
|
Forgive me for not reading the entire articles, but I think I know what they're about. I know about magnetic retention and stuff, and that when you know what pattern was used to erase a disk (like zeroes), you can then filter out this pattern and have the original data. I always use Darik's Boot and Nuke (on the ultimate boot CD) to erase disks before I dump them. The funny thing is, that erasing like that is better than throwing it in the river or blowing up the building they were in.
However, I've also heard claims that on modern drives, the data density is too high for such advanced recovery methods (recovering a disk erased with zeroes), and that such techniques only work with those x-hundred MB disks. But, better safe than sorry...
I never investigated this issue for solid state memory, BTW. Also interesting.
But, are there any people here who know exactly how symmetrical encryption, like AES, works? Is it really easy to determine the key if you know 0x00 encrypts to 0x4a, for example? |
Sachankara l33t
Joined: 11 Jun 2004 Posts: 696 Location: Stockholm, Sweden
|
Posted: Tue Sep 12, 2006 12:51 pm Post subject: |
|
|
Both cryptsetup-luks and encfs encode each block (and file for encfs) with a different key, thus making it extremely hard to see any patterns. The encryption methods should be very safe. _________________ Gentoo Hardened Linux 2.6.21 + svorak (Swedish dvorak) |
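The pattern question raised in this thread, as an added example that is not part of any post: zero-filled sectors encrypted block by block under one key (ECB) collapse to a single repeated ciphertext block, while CBC chaining with an IV derived from the sector number, as dm-crypt's CBC modes use, leaves no repeats. The block cipher is a stand-in Feistel construction over HMAC-SHA256 so that only the standard library is needed; it is not AES, and all function names and the key are assumptions made for the example.

```python
import hashlib
import hmac
from collections import Counter

BLOCK = 16    # cipher block size in bytes
SECTOR = 512  # disk sector size in bytes
KEY = b"constructed demo key, not secret"  # constructed sample key

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Stand-in 128-bit block cipher: 4-round Feistel over HMAC-SHA256 (not AES)."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:8]
        left, right = right, xor(left, f)
    return left + right

def ecb_sector(key: bytes, sector_no: int, data: bytes) -> bytes:
    """ECB: each block is encrypted on its own; the sector number is ignored."""
    return b"".join(encrypt_block(key, data[i:i + BLOCK])
                    for i in range(0, len(data), BLOCK))

def cbc_sector(key: bytes, sector_no: int, data: bytes) -> bytes:
    """CBC with the IV taken from the sector number (assumed 'plain' IV scheme)."""
    prev = sector_no.to_bytes(BLOCK, "little")
    out = []
    for i in range(0, len(data), BLOCK):
        prev = encrypt_block(key, xor(prev, data[i:i + BLOCK]))
        out.append(prev)
    return b"".join(out)

def block_stats(mode, key: bytes = KEY, sectors: int = 64):
    """Encrypt zero-filled sectors; return (distinct blocks, highest repeat count)."""
    ct = b"".join(mode(key, n, bytes(SECTOR)) for n in range(sectors))
    counts = Counter(ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK))
    return len(counts), counts.most_common(1)[0][1]

if __name__ == "__main__":
    print("ECB:", block_stats(ecb_sector))
    print("CBC, per-sector IV:", block_stats(cbc_sector))
```

Neither result says anything about recovering the key; it only shows whether repeated plaintext stays visible in the ciphertext.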
daemonflower Apprentice
Joined: 17 Jul 2004 Posts: 290
|
Posted: Tue Sep 12, 2006 6:00 pm Post subject: |
|
|
If you are extremely paranoid (which you seem to be), you can do, after the cryptsetup command, a
Code:
    dd if=/dev/urandom of=/dev/mapper/whatever bs=... count=...
Random data encrypted with random keys, that should take care of any patterns that might be analyzed. |
halfgaar l33t
Joined: 22 Feb 2004 Posts: 781 Location: Netherlands
|
Posted: Tue Sep 12, 2006 6:09 pm Post subject: |
|
|
I am paranoid, true, but I don't think that is really necessary... Filling a disc which was previously unencrypted with random data is vital of course, otherwise your original data may still exist on parts of the disc that are not used again after encryption. |
think4urs11 Bodhisattva
Joined: 25 Jun 2003 Posts: 6659 Location: above the cloud
|
Posted: Tue Sep 12, 2006 7:00 pm Post subject: |
|
|
halfgaar wrote: | But, are there any people here who know exactly how symmetrical encryption, like AES, works? Is it really easy to determine the key if you know 0x00 encrypts to 0x4a, for example? |
If it would be that easy ... would everybody up to the NSA really use it? What you describe here are the ancient encryption mechanisms like substitution ciphers - nothing even comparable to things like Twofish or AES.
Even _if_ you could say 0x00 always is encrypted to become 0x4a all you have is one little piece, a minimally better chance to have a correct encryption key. Good encryption looks like random data - the lesser the possibility to find any kind of pattern the better.
halfgaar wrote: | I am paranoid, true, but I don't think that is really necessary... |
Actually it is necessary.
Otherwise you'd give a forensic specialist weak points where he can start, things like filesizes etc. If everything is random, no matter if the block is empty (from an fs point of view) or not, it is much harder to find anything.
(One single tree standing lonely somewhere is much more visible than the exact same tree in the middle of a forest) _________________ Nothing is secure / Security is always a trade-off with usability / Do not assume anything / Trust no-one, nothing / Paranoia is your friend / Think for yourself |
sundialsvc4 Guru
Joined: 10 Nov 2005 Posts: 436
|
Posted: Mon Dec 04, 2006 7:46 pm Post subject: |
|
|
What you are describing is a so-called "known plaintext attack," where excerpts of known or predicted plaintext, and/or the statistical characteristics thereof, are used in an effort to either determine the key or to significantly reduce the size of the keyspace that would have to be exhaustively searched for it.
All of the cryptographic algorithms used in encrypted filesystems have been extensively cryptanalyzed for their possible vulnerability to known-plaintext attacks. While it is certainly possible that large blocks of known zeroes might present a theoretical problem, filesystems (and other crypto applications) typically compress the data before encrypting it, and they "salt" the encryption-key with a cryptographically-strong random element.
The weakness of an encrypted filesystem will not be the encryption algorithm nor its application; the weakness will be the key and the handling of that key. Virtually every cryptosystem that is successfully attacked is broken through some aspect of the key-management. |
halfgaar l33t
Joined: 22 Feb 2004 Posts: 781 Location: Netherlands
|
Posted: Mon Dec 04, 2006 10:49 pm Post subject: |
|
|
Quote: | The weakness of an encrypted filesystem will not be the encryption algorithm nor its application; the weakness will be the key and the handling of that key. Virtually every cryptosystem that is successfully attacked is broken through some aspect of the key-management. |
You mean how the software handles the keys, or the users?
I always wonder BTW, if the NSA and similar organizations can break encryption as easily as a lot of people say. I kind of doubt it. They have two ways of doing it; either by massive computing power, or by knowing a weakness in the algorithm. The NSA computers may make breaking encryption faster than most organizations can, but I really doubt those computers can be so strong, that they're millions of times faster than a normal PC. And the second point, algorithm weakness, is unlikely because AES, for example, is an open algorithm, not some obscure proprietary stuff, so the whole world can inspect it for weaknesses. It would be really unlikely if the NSA knew the weaknesses, whereas the rest of the entire world can't find them.
And, wasn't there a law that prohibited strong encryption, or the export thereof, in the United States? That itself indicates that they can't break strong encryption.
But, it's just speculation on my part. _________________ Linux backups the right way.
Get surround sound working. |