This blog post is in continuation of the previous post, where I showed why you should not use ECB when encrypting your data. Well, when putting down an encrypted filesystem, such as LUKS, you've probably been told that you should put random data down on the partition first BEFORE encrypting the disk. Well, this post will illustrate why, and it's simple enough to do on your own GNU/Linux system.
I'll be using bitmaps in this example, as I did in the previous, except I'll use a different image. First, let's create a "random filesystem". Encrypted data should appear as nothing more than random data to the casual eye. This will be our target image for this exercise.
$ dd if=/dev/urandom of=target.bmp bs=1 count=480054 $ dd if=glider.bmp of=target.bmp bs=1 count=54 conv=notrunc
Here is what my target "encrypted filesystem" should look like (converting to GIF format for this post). Click to zoom:
 |
 |
| Plaintext image | Target filesystem |
Now let's create a file full of binary zeros. This file will be the basis for our block device, and imitates an unused hard drive quite well. I have chosen ext2 over other filesystems, mostly because the size restriction with these files. Feel free to increase the file sizes, and use ext3, ext4, XFS, JFS, or whatever you want.
The file "400x400.bmp" is a white bitmap that is 400x400 pixels in size, rather than the 200x200 pixel "glider.bmp". This is to accommodate for the larger filesystems used in this post, and make the illustrations more clear. For your convenience, download the 400x400.bmp and glider.bmp for this exercise.
In these commands, "$" means running the command as an unprivileged user, "#" means running as root.
$ dd if=/dev/zero of=plain-zero-ext2.bmp bs=1 count=480054 # losetup /dev/loop0 plain-zero-ext2.bmp # mkfs.ext2 /dev/loop0 # mount /dev/loop0 /mnt # cp glider.bmp /mnt # umount /mnt # losetup -d /dev/loop0 $ dd if=400x400.bmp of=plain-ext2.bmp bs=1 count=54 conv=notrunc
This should give us a reference image to see what a "plaintext" filesystem would look like with our file copied to it. Now, let's setup two encrypted filesystems, one using ECB and the other using CBC, and we'll compare the three files together:
First the ECB filesystem:
$ dd if=/dev/zero of=ecb-zero-ext2.bmp bs=1 count=480054 # losetup /dev/loop0 ecb-zero-ext2.bmp # cryptsetup -c aes-ecb create ecb-disk /dev/loop0 # mkfs.ext2 /dev/mapper/ecb-disk # mount /dev/mapper/ecb-disk /mnt # cp glider.bmp /mnt # umount /mnt # dmsetup remove ecb-disk # losetup -d /dev/loop0 $ dd if=400x400.bmp of=cbc-zero-ext2.bmp bs=1 count=54 conv=notrunc
Now the CBC filesystem:
$ dd if=/dev/zero of=cbc-zero-ext2.bmp bs=1 count=480054 # losetup /dev/loop0 cbc-zero-ext2.bmp # cryptsetup create cbc-disk /dev/loop0 # mkfs.ext2 /dev/mapper/cbc-disk # mount /dev/mapper/cbc-disk /mnt # cp glider.bmp /mnt # umount /mnt # dmsetup remove cbc-disk # losetup -d /dev/loop0 $ dd if=400x400.bmp of=ecb-zero-ext2.bmp bs=1 count=54 conv=notrunc
What do we have? Here are the results of my filesystems. Click to zoom:
 |
 |
 |
| Plaintext filesystem | ECB filesystem | CBC filesystem |
How do they compare to our target filesystem? Well, not close really. Even when using CBC mode with AES, we can clearly see where the encrypted data resides, and where it doesn't. Now, rather than filling our disk with zeros, let's fill it with random data, and go through the same procedure as before:
First the "plaintext" filesystem:
$ dd if=/dev/urandom of=plain-urandom-ext2.bmp bs=1 count=480054 # losetup /dev/loop0 plain-urandom-ext2.bmp # mkfs.ext2 /dev/loop0 # mount /dev/loop0 /mnt # cp glider.bmp /mnt # umount /mnt # losetup -d /dev/loop0 $ dd if=400x400.bmp of=plain-urandom-ext2.bmp bs=1 count=54 conv=notrunc
Now the ECB filesystem:
$ dd if=/dev/urandom of=ecb-urandom-ext2.bmp bs=1 count=480054 # losetup /dev/loop0 ecb-urandom-ext2.bmp # cryptsetup -c aes-ecb create ecb-disk /dev/loop0 # mkfs.ext2 /dev/mapper/ecb-disk # mount /dev/mapper/ecb-disk /mnt # cp glider.bmp /mnt # umount /mnt # dmsetup remove ecb-disk # losetup -d /dev/loop0 $ dd if=400x400.bmp of=cbc-urandom-ext2.bmp bs=1 count=54 conv=notrunc
Finally, the CBC filesystem:
$ dd if=/dev/urandom of=cbc-urandom-ext2.bmp bs=1 count=480054 # losetup /dev/loop0 cbc-urandom-ext2.bmp # cryptsetup create cbc-disk /dev/loop0 # mkfs.ext2 /dev/mapper/cbc-disk # mount /dev/mapper/cbc-disk /mnt # cp glider.bmp /mnt # umount /mnt # dmsetup remove cbc-disk # losetup -d /dev/loop0 $ dd if=400x400.bmp of=ecb-urandom-ext2.bmp bs=1 count=54 conv=notrunc
Check our results. Click to zoom:
 |
 |
 |
| Plaintext filesystem | ECB filesystem | CBC filesystem |
Much better! By filling the underlying disk with (pseudo)random data first, then encrypting the filesystem with AES using CBC, we have a hard time telling the difference between it and our target filesystem, which was our main goal.
So, please, for the love of security, before putting down an encrypted filesystem on your disk, make sure you fill it with random data FIRST! The Debian installer, and many others, does this by default. Let it run to completion, even if it takes a few hours.
{ 14 } Comments