Cryptoloop
Cryptoloop is a
block device
onto another.
Cryptoloop can create an encrypted
storage device. This is accomplished by making use of a loop device, a pseudo device that enables a normal file to be mounted as if it were a physical device. By encrypting I/O
to the loop device, any data being accessed must first be decrypted before passing through the regular file system; conversely, any data being stored will be encrypted.
Cryptoloop is vulnerable to watermarking attacks,[2] making it possible to determine presence of watermarked data on the encrypted filesystem:
This attack exploits weakness in IV computation and knowledge of how file systems place files on disk. This attack works with file systems that have soft block size of 1024 or greater. At least
Newer versions of cryptoloop's successor, dm-crypt, are less vulnerable to this type of attack if used correctly.[4]
See also
References
- ^ "Kernel development". LWN.net. October 2002. Retrieved 2015-02-15.
- ^ SecuriTeam (2005-05-26). "Linux Cryptoloop Watermark Exploit". Retrieved 2006-08-09.
- ^ Saarinen, Markku-Juhani O. (2004-02-19). "'Re: Oopsing cryptoapi (or loop device?) on 2.6.*' - MARC". Retrieved 2017-06-04.
- ^ Markus Reichelt (2004-06-20). "Why Mainline Cryptoloop Should Not Be Used". Retrieved 2017-06-04.
External links