[dm-crypt] dm-crypt "inverted" usage (i.e. exporting an "encrypted" image of a block device)

Milan Broz gmazyland at gmail.com
Thu Aug 1 09:43:20 CEST 2013


On 1.8.2013 9:00, Ciprian Dorin Craciun wrote:
>      As said, I guess this can be obtained in two ways:
>      * either if there is a "backward" mode for dm-crypt;  (which I'm
> not aware of;)

No, there is not.

I hope I understand your use case correctly, bu if so, this mode
(transport over network) _cannot_ be secure.

Imagine reply attack - anyone on the way can replace old ciphertext
and you have no chance to detect it.

An example of this (very simplified) attack:
Imagine user removal. The tool (userdel) first reads /etc/shadow and
then writes it (with user removed).

Listener can e.g. revert user removal without key knowledge, he only
need to detect correct packets for this transaction and replace content
to previous version (so files remains unchanged).
No key needed, just reply manipulation with ciphertext.

Proper network encryption will detect this.

If you mean this as some experiment, good (but I think it is not
possible without switching encrypt/decrypt in dmcrypt code or in encryption
cipher module, but will think about it more later :-)

But if you mean this seriously - do not do it. Use encrypted connection
(ipsec/vpn/ssh tunnel whatever). Only these tools are designed for newtork
connection protection.

BTW I use this as a classic example of misuse of FDE...
http://mbroz.fedorapeople.org/talks/DevConf2012/img8.jpg

Milan



More information about the dm-crypt mailing list