Error correction with aes-loopback / cryptoloop?

Jamon Camisso jamon.camisso-H217xnMUJC0sA/PxXw9srA at public.gmane.org
Thu Feb 28 05:09:43 UTC 2008


William Park wrote:
> On Tue, Feb 26, 2008 at 09:49:10PM -0500, Mike Oliver wrote:
>> I have a laptop on which I would like to put my
>> $HOME directory on an encrypted partition, in case
>> someone were to steal it in an airport or something.
>> I've been experimenting with using an encrypted
>> loop device using the cryptoloop module and AES128
>> encryption.
>>
>> It seems to work fine, but I'm not so happy about the
>> thought that a one-bit HDD error could make me lose the
>> entire partition.  I was wondering if anyone knows whether
>> any of the available encryption options use error
>> correction, so as to greatly mitigate this possibility?
>> I would happily accept a 10% file size increase for
>> this purpose.
> 
> I found that 'dm-crypt' and 'EncFS' are the two easiest methods.  'dm-crypt'
> does block encryption (i.e. disk partition), and 'EncFS' does file
> encryption (i.e. directory tree).
> 
> Since you want to encrypt the entire "home" partition, try 'dm-crypt'.
> It sits at the same level as raid.  You need 'cryptsetup' package, which
> automatically loads all the necessary kernel modules for you.  Usage
> would go something like
>     
>     cryptsetup create home /dev/hda4
>     mke2fs -j /dev/mapper/home
>     mount /dev/mapper/home /home
>     umount /home
>     cryptsetup remove home
> 

One thing I haven't heard anyone mention is encrypted swap. If you're 
using encrypted filesystems (especially) or encrypted files (even), it 
is possible that decrypted files could be paged to the disk in the event 
you run low on memory, or decide to suspend/hibernate. Thus while the 
circumstances in which sensitive data might be on disk are low, 
encrypting your swap will help mitigate against that particular set of 
risks.

OTOH, see http://citp.princeton.edu/memory/ for an interesting piece on 
retrieving encryption keys from suspended/hibernated machines from a 
cold boot. The story made the rounds a few days ago:

"Contrary to popular assumption, DRAMs used in most modern computers 
retain their contents for seconds to minutes after power is lost, even 
at operating temperatures and even if removed from a motherboard. 
Although DRAMs become less reliable when they are not refreshed, they 
are not immediately erased, and their contents persist sufficiently for 
malicious (or forensic) acquisition of usable full-system memory images. 
We show that this phenomenon limits the ability of an operating system 
to protect cryptographic key material from an attacker with physical 
access. We use cold reboots to mount attacks on popular disk encryption 
systems — BitLocker, FileVault, dm-crypt, and TrueCrypt — using no 
special devices or materials."

If you're really paranoid, encrypt your files on an encrypted disk, with 
encrypted swap. And if you really value your data, don't put it on your 
computer in the first place...

Jamon

--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
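
The swap concern raised in the message above can be checked on a running system. The following is an added example, not part of the original post: it reads a `/proc/swaps`-format file and reports whether each swap area sits directly on a dm-crypt mapping. It assumes cryptsetup tags its mappings with a device-mapper UUID beginning `CRYPT-`; the device names and the fixture are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): report whether each active swap
# area sits directly on a dm-crypt mapping.
# Assumption: cryptsetup gives its mappings a device-mapper UUID starting "CRYPT-".

# classify_swaps SWAPS_FILE SYSFS_ROOT   (live system: /proc/swaps and /sys)
classify_swaps() {
    tail -n +2 "$1" | while read -r path type _rest; do   # skip header line
        [ -n "$path" ] || continue
        if [ "$type" = "file" ]; then
            # A swap file is only as protected as the filesystem it lives on.
            echo "REVIEW $path"
            continue
        fi
        # /dev/mapper/<name> is a symlink to /dev/dm-N; sysfs uses the dm-N name.
        if [ -L "$path" ]; then path=$(readlink -f "$path"); fi
        uuid_file="$2/block/$(basename "$path")/dm/uuid"
        if [ ! -r "$uuid_file" ]; then
            echo "PLAINTEXT $path"          # not a device-mapper device at all
            continue
        fi
        case "$(cat "$uuid_file")" in
            CRYPT-*) echo "ENCRYPTED $path" ;;
            *)       echo "REVIEW $path" ;;  # e.g. LVM: inspect the layer below
        esac
    done
}

# Constructed fixture: a fake /proc/swaps and sysfs tree, so this runs offline.
make_fixture() {
    d=$(mktemp -d)
    mkdir -p "$d/sys/block/dm-7/dm" "$d/sys/block/dm-8/dm"
    echo "CRYPT-PLAIN-cryptswap" > "$d/sys/block/dm-7/dm/uuid"
    echo "LVM-constructedexample" > "$d/sys/block/dm-8/dm/uuid"
    cat > "$d/swaps" <<'EOF'
Filename        Type        Size     Used  Priority
/dev/dm-7       partition   2097148  0     -2
/dev/dm-8       partition   1048572  0     -3
/dev/sdz9       partition   1048572  512   -4
/swapfile       file        524284   0     -5
EOF
    echo "$d"
}

fixture=$(make_fixture)
classify_swaps "$fixture/swaps" "$fixture/sys"
rm -rf "$fixture"
```

On a live machine, call `classify_swaps /proc/swaps /sys`; any `PLAINTEXT` line is a swap area where paged-out data lands on disk unencrypted.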




