[wellylug] USB stick protection
Daniel Pittman
daniel at rimspace.net
Sun Mar 29 20:54:22 NZDT 2009
Atom Smasher <atom at smasher.org> writes:
> On Sun, 29 Mar 2009, Cliff Pratt wrote:
>> Atom Smasher wrote:
>>> On Sun, 29 Mar 2009, Cliff Pratt wrote:
>>>
>>>> http://mareichelt.de/pub/texts.cryptoloop.php
>>>>
>>>> Though I'm not sure that TrueCrypt == truecrypt and whether the flaws
>>>> are to be found in later versions of truecrypt > 4.1.
>>> ======================
>>>
>>> first paragraph, last sentence: "Up-to-date versions of dm-crypt (with
>>> LUKS) and truecrypt are also ok to use."
>>>
>>> also: "Unfortunately truecrypt [versions prior to 4.1] is just
>>> another broken device crypto implementation that uses good ciphers
>>> in insecure way. Specially crafted static bit patterns are easily
>>> detectable through that kind of bad crypto. Requirements: (1) used
>>> ciphers must have 128-bit block size and (2) file system where bit
>>> patterns are stored must have 2K or larger soft block size. Many
>>> popular linux file systems meet those requirements."
>>>
>>> the paper is about 5 years old.
>>>
>> Yes, but last modified last November.
> =================
>
> it's been updated but refers to an implementation error that seems to
> have been fixed in late 2005...
*nod* They moved from CBC to LRW to XTS encryption over subsequent
releases in response to this vulnerability. The page cited is correct,
but not up to date.
Regards,
Daniel
More information about the wellylug
mailing list