Re: [Tails-dev] CBC malleability attack

Delete this message

Reply to this message
Author: intrigeri
Date:  
To: marcoc
CC: The Tails public development discussion list
Subject: Re: [Tails-dev] CBC malleability attack
Hi,

Marco Calamari wrote (24 Dec 2013 11:42:36 GMT) :
> After readint the descritpion of this attack (injection attack type
> against LUKS-CBC volumes)


> <http://www.jakoblell.com/blog/2013/12/22/practical-malleability-attack-against-cbc-encrypted-luks-partitions/>


> I check that my persistent partition (built a lot of TAILS
> version ago) is of CBC type.


If an attacker gets write access to a Tails USB stick, they can as
well corrupt the initramfs or some other part of the system, and from
there have a persistent file be modified during next boot, without
having to guess what block this file is stored at in the persistent
volume. Seems easier than the attack against CBC, no?

Or did I miss the threat model you had in mind?

> Time to switch to XTS and/or warn user having CBC partition to
> reformat?


Note that cryptsetup 1.6 defaults to XTS. Once Tails is based on
Wheezy, we might want to install this version, assuming a backport is
not too painful to produce and maintain. Anyone volunteering to
try this?

Additionally, this would provide compatibility with the on-disk
TrueCrypt format (which is not very useful until the rest of the
udisks / GNOME Disks / Nautilus stack has this support, wishlist bug
reported there a while ago, needs someone to write the code).

Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc