I've been building a bootable Puppy (1.0.8) system on a USB key. I let Puppy do the build for me, creating a default-sized pup100 file for my files. First time round, I created an unencrypted pup100. On realizing that losing my key would give whoever found it access to the saved passwords in my Firefox, and the private keys in my .ssh folder, I decided to switch to an encrypted pup100. Took me a while to copy the files from the old pup100 to a new, encrypted, pup101, but I manged it. Imagine my surprise when I typed "head pup101" and noticed my "secret" password, repeated over and over. Duh. Some blocks in the file system are filled with zeroes. XOR with the password, and you get the password.
I think Puppy should use, or at least enable, a different encryption algorithm. AES appears to be supported in my Puppy configuration. At least losetup-FULL doesn't complain about it as an option (aes, aes128, & aes256 all work. I haven't tried others). I realize this will slow down loading and saving a little, but I think the encryption algorithm should be an option, encoded in the PFILE string.
XOR Encryption Is a Joke
-
billstclair
- Posts: 106
- Joined: Mon 27 Feb 2006, 01:23
- Location: Upstate New York
- Contact:
I agree 100%, XOR just gives a false sense of security and should be avoided completely (except for one-time pads, but that's a whole different ballgame!). However, others apparently disagree, see the recent Foundation Meeting transcript http://puppylinux.org/wikka/Foundation006Mar and search for XOR in there...
I'll add this as an enhancement request, now I know I'm not the only one who thinks we should not in good conscience call something "encrypted" when all we are doing is XOR. Not in 2006.
Jonathan
I'll add this as an enhancement request, now I know I'm not the only one who thinks we should not in good conscience call something "encrypted" when all we are doing is XOR. Not in 2006.
Jonathan
-
billstclair
- Posts: 106
- Joined: Mon 27 Feb 2006, 01:23
- Location: Upstate New York
- Contact:
Unfortunately, it appears to be more than a simple matter of changing the rc.sysinit script to call losetup-FULL with a different encryption algorithm. I can't get anything but xor to work, likely because nothing else is compiled in to the kernel. I see aes and des modules in /lib/modules/2.4.29/crypto, but modprobe'ing them doesn't make them work for losetup-FULL. It reports "ioctl: LOOP_SET_STATUS: Invalid argument".
Even 128-bit encryption would be a lot better than XOR. aes128 or twofish128 (the fastest of the AES candidates, according to http://www.disksave.com/twofish.html) would be good choices. 3des is likely too slow.
Even 128-bit encryption would be a lot better than XOR. aes128 or twofish128 (the fastest of the AES candidates, according to http://www.disksave.com/twofish.html) would be good choices. 3des is likely too slow.
I made a few noises during the Foundation meeting when the topic of encryption (XOR) came up. I see XOR as a way to keep honest people honest. The average Windows user won't know how to "break" the XOR setup. I also agree that it is about as secure as taping your password to the bottom of your keyboard, and then being burglarized. The thief would have to know where to look.
If a more secure method of encryption were available to Puppy, I would strongly support its adoption as an option. Maybe even offering multiple options with their time trade-offs spelled out. Let the end user decide.
Since I'm not in a position to contribute to a solution at this time, I'll end by stating that I strongly support this effort going forward.
Babbs
If a more secure method of encryption were available to Puppy, I would strongly support its adoption as an option. Maybe even offering multiple options with their time trade-offs spelled out. Let the end user decide.
Since I'm not in a position to contribute to a solution at this time, I'll end by stating that I strongly support this effort going forward.
Babbs