Announcement

Collapse
No announcement yet.

EXT4/Fscrypt Changes For Linux 4.18: Speck File-System Encryption Being Added

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • #11
    Originally posted by DrYak View Post
    I thinks he's referring to one-time pad, the only type of encryption that is provably mathematically unbreakable.
    That's great for sending messages around, but it makes 0 sense for digital storage.

    How can that apply on a digital storage device? Once something is written on the disk then the noise used to encode it basically becomes its key, each time you change this key you must re-write alkl these files.

    And also store a large amount of noise to be its key. Really, for digital storage it's pretty much the same or worse than other encryption.

    It's absolutely completely unpractical for storage (it would mean having giant multi-terabytes spools of tape containing nothing but noise to be used to XOR against when encrypting, that you need to defend dearly with your life or destroy in case of risk of capture, and you can only use exactly once each chunk of tape noise)
    Chaos Key, fully open hardware and software, is a true random number generator. http://altusmetrum.org/ChaosKey/

    If you have a decent understanding of electronics making a random noise generator isn't terribly hard.
    The chaos key is just that, coupled with a microcontroller to read the values and feed the randomness to Linux's pool (because it's also supported in upstream Linux)

    Comment


    • #12
      Originally posted by DrYak View Post

      I thinks he's referring to one-time pad, the only type of encryption that is provably mathematically unbreakable.

      (And is unbreakable in real-life too, as long as your have used an actual true-random source to generate, and manage to protect the pad itself as required, and indeed only use it once - unlike what was done in virtually all the historical situations of OTP being broken due to either capture of the pad or statistical analysis upon pad re-use).
      Exactly, that's what I meant. Thanks for understanding me!

      Comment


      • #13
        Originally posted by starshipeleven View Post
        Chaos Key, fully open hardware and software, is a true random number generator. http://altusmetrum.org/ChaosKey/
        Funnily, I was exactly wanting to get one of these to experiment with it.

        And to go back to our "OTP for storage" :
        - Basically have the Chaos key running for a long time, enough to feel a whole LTO-9 (or whatever is the current number. This things seem to multiply sequels even faster than Sharknado ! :-D )
        - Make one exact bitwise copy of the tape for each agent.
        - Give one copy of the "OTP Tape" to each each and tell them they need to defend it with their life like regular OTP books.

        For data use a suitably small medium (e.g.: SD card)
        - Use some log-structured file system (e.g.: a modified F2FS) for simplicity.
        - Whenever you write a new log entry on the FS, pick the next block of noise from the tape. Store the block number together with the encrypted (XOR-ed) data.
        - Whenever you read, seek the OTP tape to the block number specified and get the noise block to XOR again against.
        - Always pick the "next block" when writing (+1 from the latest written entry, no matter what) to avoid OTP-reuse attacks.
        - Once you run out of tape-noise : your medium is read-only, until a new OTP tape is written and shipped to all parties.

        Also, simulates burning old pages of OTP books :
        - For garbage-collected log entries (when space is free), erase (securly : multiple over-writes) the corresponding block of noise on the tape.
        - Also erase tape noise for log entries that you don't intend to read anymore

        Is this secure ? Yes, definitely and provably exactly as secure as an OTP, provided the same assumption (that none of the OTP tapes in circulation falls to an adversary. Exactly as with OTP books).

        Is this in any way practical ? No. Nooooooo. Nope.
        This would have horrendous performance (random tape seeking) and is absolutely not practical.

        Unless you choose a suitably small encrypted medium (floppy ? :-D ) for which you can store all the necessary random generated noise on a bunch of quickly seekable hard-drives.

        And if you squint at it :
        - real world encryption is basically almost that.
        Except that instead of storing a suitably large enough amount of noise on a tape in advance, you use an algorithm that can generate the "noise" on the flight for any given block number (= i.e.: a stream cipher in counter mode).
        You've replaced a stored source of true randomness, with a virtual-source of reproducible (but hopefully not predictable) algorithmic noise.

        And instead of protecting a giant OTP book or a giant OTP spool of tape, you only need to protect the initial vector.
        Either by protecting it with a password (well, not the password itself. But using the output of a suitable password key derivation function: PBKDF2, Scrypt, Argon) or using cryptographic keypairs.

        That makes the "get the correct/next noise block" part much more practical than seeking along a giant spool of tape. But you're at the mercy of the noise-generating algorithm being secure.
        Current suspicions are: speck might be backdoored, there might be a way to "guess" what the "virtual imaginary OTP" produced by it would be.

        Chacha20-Poly1305 is just as good as Speck on low power hardware (Again, it works even on an Arduino-class hardware : even tinier than any embed linux using ext4), but is a lot less controversial.


        Originally posted by starshipeleven View Post
        If you have a decent understanding of electronics making a random noise generator isn't terribly hard.
        (McCoy's voice I'm a cotor, Jim. Not an electronics engineer !...

        But I know barely enough physics to know that true random noise generation is possible with simple electronics (some type of diodes cascaded together or something :-D )

        Comment

        Working...
        X