Fedora's default encryption option easily broken?

Why is Fedora’s default encryption option LUKS2 easily broken in the default setup?

You choose LUKS2, encrypt the partition, and then you look at the mapped device /dev/mapper/luks-whatever and you see many sectors filled with zeros at the beginning of the /dev/mapper/luks-whatever device.

Basically, you get the known source data mapped using an X vector of known encryption algos to the output data of zeros. That’s basically giving you a decryption vector and allowing for an easy way to penetrate your installation. It’s not just a case of knowing what the decrypted data is on the encrypted device which is a giant no no. It’s a special case of that data being zeros, which is mathematically special in terms of an easy solution to getting the decryption vector.

This might answer your question.

The existence is 0 blocks just means nothing has been written yet I would guess. Are you claiming that they allow the encryption key to be extracted?

Do you have code that uses that knowledge and can decrypt any luks2 partition?

Can i have copy to test on my partitions?

Or are you just guessing?

Edit: Ninja’ed by @arturasb !

Let’s first address this conceptually. Do you want an attacker to know what your private stored data is? No. Do you want an attacker to know some part of your private stored data? No. If you can agree with these simple a priori concepts then we can reason further.

I am not asserting ‘any’ - I am asserting the ones that make available known sectors with known zeros, for one.

What is your threat model? What attack are your concerned about?

All that is being exposed is how many blocks in the file system that have never been written to.

That does expose the maximum amount of data that is potentially on the partition, but that is the limit of the infomation you can conclude.

If you care about this case then you can fix it by filling the file system with a file and delete it.

A follow-up question for Fedora devs is why is option -A (–alloc-start) to specify the offset of a btrfs filesystem not available in mkfs.btrfs on Fedora?

Start a new topic for your new question please.

1 Like