From: Philippe Cerfon <philcerf@gmail.com>
To: cryptsetup@lists.linux.dev
Subject: Re: security of re-encryption
Date: Tue, 8 Nov 2022 21:10:21 +0100
Message-ID: <CAN+za=PQpm8MiUYpbB_aYqEnTRz2Do2sqr2yZthEp3oO4qGSPw@mail.gmail.com>
In-Reply-To: <CAN+za=M8rBabbD841n=L55bP9KdCjiPDAAgGDtoUM6ydje0few@mail.gmail.com>

Hey Michael.

Thanks for your reply! :-)

> Consider just that the first several bytes of the HTTP
> request portion of a HTTPS transaction are not just guessable, but
> can pretty much be considered to be _known_ since they are
> essentially dictated by the HTTP standard.

I had thought about that, too, but imagined that the following might
make a difference:
- With HTTP, only the first few bytes are the same (more or less)
unless one transmits large files or so (but then again, wouldn't TLS
renegotiations happen after a while?). With LUKS one might have many TB
of ciphertext (before and after). So I wondered whether that could
make a difference.
- With TLS, doesn't one typically have some ephemeral key, and even if
that was compromised only that particular session (or part thereof)
would be compromised. For cryptsetup the key is "static", so the
effect would be much bigger.

Of course I didn't want to imply that I knew of any such attack.
I'm not an expert, so I merely asked whether something is known and
whether re-encryption is recommended from a security point of view!

So I guess it is. Thanks for your help.

Sincerely,
Philippe
