[Full-disclosure] Possible issues with encrypted Linux filesystems?

[Levente Peres <sheridan@xxxxxxxxx>]

Dear All,

Yesterday I had a very interesting conversation with Anthony G. Basile, 
Ph. D. of D'Youville College about filesystem security. We thought that 
we should continue this discussion here, so we could all contemplate on 
the possibility of such a thing being possible.

After reading Anthony's article, which you may find here...

http://opensource.dyc.edu/random-vs-encrypted


...I've became worried about something very alarming, which I'd like to hear 
your opinion about.

You see, it's one thing that you encrypt data, and then make backups, encrypt 
those backups, and the attacker could get valuable information by comparing the 
patterns of the two... But when encrypting an entire operating system space, 
you actually encrypt much more than the data you wish to protect: you encrypt 
your system files, your packages, all of it. Now this may sound like an ideal 
thing to do, but I'm not so sure about that anymore.

Now, as we know, most Linux distributions have at least some files, 
directories, whatever that are bound to be the same on all systems. For 
example, binaries of gcc, some base directory names like /var, /usr, /home, 
layouts, and things like that. Even more, if you are using a "standard" distro 
like CentOS, you are assured to have literally gigabytes of data in forms of 
binary RPM packages on a default "base" installation, which not only are sure 
to be the same on all systems, but even their distribution across filesystems 
are prone to be predictable. For simplicity's sake, let's just put these into 
one bucket and call them "known artefacts".

I'm now worried that if an attacker knows, or "guesses" that you are using, 
say, CentOS Linux 5.5, (or at least some mutation of Red Hat), he might use 
this knowledge of "known artefacts" to his advantage, by starting out from the 
data he knows "must be there", and looking for it's "patterns". I don't know... 
This may be a longshot, wishful thinking or both, but somehow it feels to me 
like it's a lot easier to break a code when you already know exactly what the 
decrypted data is, and what it looks like. It should be like 
reverse-engineering ancient-egyptian text by seeing the same damn text in two 
or three other different languages you can actually understand... Essentially 
you could at the very least improve your chances at success if you have several 
certain, fixed points of reference for the decryption procedure (these 
"artefacts" we mentioned).

I'll dare to go even further... Even if you are not encrypting your entire 
system, just the data... you could be leaving behind arefacts like file format 
headers, etc etc... or in case of LVM, logical flesystems within the LVM could 
leave behind headers, identifiers to mark the type, end or beginning, etc. of 
FS, whatever. I agree it's not much, and probably no concern, but if you want 
to be extremely paranoid, it's something.

Now I'm not pretending to be an encryption expert... But I've go to tell it to 
you, If there's any possibility to this - then it creeps me out. Worst case 
scenario, we could be looking at the possibility of breaking virtually any
"standard" distro as long as one could "guess" (or "brute-force-guess") the 
version and type of the distro, AND the system is encrypted along with the data 
to be protected...

I'd like you guys to put me back to ease by either proving me fatally wrong, or 
if there's anything to this... well, then we should discuss anyway.

Best Regards,

Levente Peres

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/