Hi,

Marco Calamari wrote (24 Dec 2013 11:42:36 GMT) :
> After reading the description of this attack (injection attack type
> against LUKS-CBC volumes)
> <http://www.jakoblell.com/blog/2013/12/22/practical-malleability-attack-against-cbc-encrypted-luks-partitions/>
> I check that my persistent partition (built a lot of TAILS
> versions ago) is of CBC type.

If an attacker gets write access to a Tails USB stick, they can as well corrupt the initramfs or some other part of the system, and from there have a persistent file be modified during next boot, without having to guess what block this file is stored at in the persistent volume. Seems easier than the attack against CBC, no? Or did I miss the threat model you had in mind?

> Time to switch to XTS and/or warn user having CBC partition to
> reformat?

Note that cryptsetup 1.6 defaults to XTS. Once Tails is based on Wheezy, we might want to install this version, assuming a backport is not too painful to produce and maintain. Anyone volunteering to try this?

Additionally, this would provide compatibility with the on-disk TrueCrypt format (which is not very useful until the rest of the udisks / GNOME Disks / Nautilus stack has this support, wishlist bug reported there a while ago, needs someone to write the code).

Cheers,
-- 
intrigeri
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
_______________________________________________
tails-dev mailing list
[email protected]
https://mailman.boum.org/listinfo/tails-dev
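The check discussed in this thread (is an existing persistent volume CBC or XTS?) can be scripted against `cryptsetup luksDump` output. The following is an added example, not part of the original message or of Tails: the function names and the sample header dumps are constructed for illustration, and it assumes the LUKS1 header layout with a `Cipher mode:` line.

```shell
#!/bin/sh
# Added example: classify a LUKS1 volume from `cryptsetup luksDump` output.
# Assumption: LUKS1 header dump with a "Cipher mode:" line; anything else
# (including LUKS2 dumps, which use a different layout) yields "unknown".

# Reads a luksDump listing on stdin; prints cbc, xts, other or unknown.
luks_mode_class() {
    awk '
        /^Cipher mode:/ {
            sub(/^Cipher mode:[ \t]*/, "")   # keep only the value, e.g. cbc-essiv:sha256
            mode = $0
            exit                              # first match wins; END still runs
        }
        END {
            if (mode == "")          print "unknown"
            else if (mode ~ /^cbc/)  print "cbc"
            else if (mode ~ /^xts/)  print "xts"
            else                     print "other"
        }
    '
}

# Convenience wrapper for a real device (needs read access to the header,
# usually root). $1 is the LUKS partition, e.g. the persistent volume.
luks_device_class() {
    cryptsetup luksDump "$1" | luks_mode_class
}

# Constructed sample dumps, not taken from a real device.
SAMPLE_CBC='LUKS header information for /dev/sdX2

Version:        1
Cipher name:    aes
Cipher mode:    cbc-essiv:sha256
Hash spec:      sha1'

SAMPLE_XTS='LUKS header information for /dev/sdX2

Version:        1
Cipher name:    aes
Cipher mode:    xts-plain64
Hash spec:      sha1'

printf '%s\n' "$SAMPLE_CBC" | luks_mode_class
printf '%s\n' "$SAMPLE_XTS" | luks_mode_class
```

A volume reported as `cbc` keeps that mode until it is recreated; installing a cryptsetup that defaults to XTS only affects newly formatted volumes.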
